Systems and methods for applying a unique user identifier across multiple websites

ABSTRACT

Various embodiments provide systems for registering a user with at least two websites. The systems comprise a memory and at least one processor configured to ( 1 ) receive a first set of attributes from a first website for the user; ( 2 ) allocate a unique user identifier that is associated with the user; ( 3 ) associate the unique user identifier and the first set of attributes; and ( 4 ) store the unique user identifier and the first set of attributes in the memory. In particular embodiments, the processor is further configured to receive a second set of attributes from a second website for the user, and after receiving the second set of attributes compare one or more attributes of the first set of attributes with one or more attributes of the second set of attributes. Associated methods are also provided.

CROSS REFERENCE TO RELATED APPLICATIONS

This application claims priority to U.S. Provisional Application Ser.No. 61/520,164, filed Jun. 3, 2011, the contents of which, including anyappendices attached thereto, is hereby incorporated herein by referencein its entirety.

This application further herein incorporates by reference U.S.Provisional Patent Application Ser. No. 60/745,561, entitled “Systemsand Methods for Providing Financial Transactions over a Network,” filedon Apr. 25, 2006, and U.S. patent application Ser. No. 11/609,775,entitled “Systems and Methods for Determining Taxes Owed for FinancialTransactions Conducted over a Network,” filed on Dec. 12, 2006 and nowU.S. Pat. No. 8,099,329, U.S. patent application Ser. No. 11/609,779,entitled “Systems and Methods for Funding Payback Requests for FinancialTransactions,” filed on Dec. 12, 2006 and now U.S. Pat. No. 7,941,370,co-pending U.S. patent application Ser. No. 11/609,785, entitled“Systems and Methods for Identifying Potentially Fraudulent FinancialTransactions and Compulsive Spending Behavior,” filed on Dec. 12, 2006,co-pending U.S. patent application Ser. No. 11/609,792, entitled“Systems and Methods for Determining Regulations Governing FinancialTransactions Conducted Over a Network,” filed on Dec. 12, 2006, andco-pending U.S. patent application Ser. No. 12/257,883, entitled“Financial Transactions Systems and Methods”, filed on Oct. 24, 2008,the contents of all of which are herein incorporated by reference intheir entirety.

BACKGROUND

Every day, millions of individuals choose to engage in onlinetransaction activities. Such transaction activities may include buying,selling, trading, and sharing of products and services, experiencingmedia such as videos, games, music, pictures, and written material, andparticipating in interactive experiences such as blogging, posting,tweeting, and engaging in social networks. In many instances,individuals engaging in online transaction activities with otherindividuals may be concerned with knowing specific information about theindividuals they are dealing with online. Such information may be vitalin determining whether a particular individual is willing and able toengage in a particular transaction activity with another individual.

For instance, a media operator (e.g., HBO®) may be operating a websiteon the Internet that makes available adult-themed media. For example,the media operator may have a website that may provide movies forvisitors to the website to watch. Some of the movies may have anR-rating and the operator may want to confirm a particular visitor whohas requested to view such a movie is of proper age. In other instances,an online merchant may want to verify the identity of a shopper prior tocompleting a sales transaction with the shopper on the merchant'swebsite in order for the merchant to minimize fraud occurring in suchtransactions. For example, the merchant may want to confirm theindividual using a particular credit card for payment is actually theindividual the credit card was issued to.

In other instances, particular transaction activities may be subject toregulations. For example, Internet gambling and the sale of certaingoods such as alcohol, fire arms, and/or adult materials may berestricted by one or more authorities (e.g., governments). Suchrestrictions may be based on a number of factors such as the age of thepotential participate/purchaser and/or the location of the potentialparticipate/purchaser. For instance, one specific example of such apotential regulation is the Internet Gambling Regulation, ConsumerProtection, and Enforcement Act (“Act”) that has been proposed in theUnited States. This Act is aimed at providing a federal regulatory andenforcement framework under which Internet gambling operators mustobtain licenses authorizing them to accept bets and wagers fromindividuals in the United States, on the condition they maintaineffective protections. These protections include such items as: (1)ensuring an individual placing a bet or wager is of legal age as definedby the jurisdiction in which the individual is located; (2) ensuring anindividual placing a bet or wager is physically located in ajurisdiction that permits Internet gambling; (3) protecting the privacyand security of the individual; (4) combating fraud and moneylaundering; and (5) combating compulsive gambling.

Thus, as a result, many online operators are in need of services andmechanisms to assist them in determining specific information aboutindividuals the operators may engage in transaction activities withand/or to help these operators ensure certain protections areeffectively enforced. Accordingly, various embodiments of the presentinvention involve systems and methods for providing such services andmechanisms. For instance, various embodiments described herein providesystems and methods for facilitating such services and technicalmechanisms as registering users, validating users, underage controls,jurisdiction controls, compulsive behavior controls, settlementfunctions, and tax identification and collection. In addition, a numberof these services and technical mechanisms are designed to ensure theyare provided in an effective and efficient manner to help reducecomputer processing capacity, minimize system requirements, and reducememory usage.

BRIEF SUMMARY OF VARIOUS EMBODIMENTS

Various embodiments of the present invention provide a system forregistering a user with at least two websites. According to particularembodiments, the system comprises a memory and at least one processorconfigured to receive a first set of attributes from a first website forthe user, the first set of attributes comprising one or more attributesassociated with the user. After receiving the first set of attributes,the processor is further configured to: (1) allocate a unique useridentifier that is associated with the user; (2) associate the uniqueuser identifier and the first set of attributes; and (3) store theunique user identifier and the first set of attributes in the memory. Inparticular embodiments, the processor is further configured to receive asecond set of attributes from a second website for the user, the secondset of attributes comprising one or more attributes associated with theuser; and after receiving the second set of attributes: (1) compare oneor more attributes of the first set of attributes with one or moreattributes of the second set of attributes; and (2) in response to atleast one attribute of the first set of attributes matching at least oneattribute of the second set of attributes, associate the unique useridentifier and the second set of attributes, wherein after associatingthe unique user identifier with the second set of attributes, at leastone attribute of the first set of attributes is provided to the secondwebsite.

Various embodiments of the present invention provide a method forregistering a user with at least two websites. According to particularembodiments, the method comprises the steps of: (a) receiving a firstset of attributes over a network from a first website for the user, thefirst set of attributes comprising one or more attributes associatedwith the user; (b) after receiving the first set of attributes: (1)allocating a unique user identifier that is associated with the user byat least one computing device comprising at least one processor; (2)associating the unique user identifier and the first set of attributes;and (3) storing the unique user identifier and the first set ofattributes in a memory of the at least one computing device; (c)receiving a second set of attributes over the network from a secondwebsite for the user, the second set of attributes comprising one ormore attributes associated with the user; and (d) after receiving thesecond set of attributes: (1) comparing one or more attributes of thefirst set of attributes with one or more attributes of the second set ofattributes by the at least one processor; and (2) in response to atleast one attribute of the first set of attributes matching at least oneattribute of the second set of attributes, associating the unique useridentifier and the second set of attributes in the memory, wherein afterassociating the unique user identifier with the second set ofattributes, at least one attribute of the first set of attributes isprovided to the second website over the network.

In still further various embodiments of the present invention, a systemis provided for registering a user with at least two websites. Thesystem comprises a memory and at least one processor. The at least oneprocessor is particularly configured to: (a) receive user registrationinformation from the user; (b) after receiving the user registrationinformation: (1) allocate a unique user identifier that is associatedwith the user; (2) associate the unique user identifier and the userregistration information; (3) store the unique user identifier and theuser registration information in the memory; and (4) provide the uniqueuser identifier to the user; (c) receive first registration informationfrom a first website; (d) after receiving the first registrationinformation, register the first website for a validation service; (e)receive second registration information from a second website; (f) afterreceiving the second registration information, register the secondwebsite for the validation service; (g) receive the unique useridentifier from the first website; (h) after receiving the unique useridentifier from the first website: (1) apply the validation service toobtain a first validation result indicating what transaction activitiesthe user can conduct on the first website; and (2) communicate the firstvalidation result to the first website; (i) receive the unique useridentifier from the second website; and (j) after receiving the uniqueuser identifier from the second website: (1) apply the validationservice to obtain a second validation result indicating what transactionactivities the user can conduct on the second website; and (2)communicate the second validation result to the first website.

Likewise, according to various embodiments, a method is provided forregistering a user with at least two websites. The method comprises thesteps of: (a) receiving user registration information from the user; (b)after receiving the user registration information: (1) allocating aunique user identifier that is associated with the user by at least onecomputing device comprising at least one processor; (2) associating theunique user identifier and the user registration information; (3)storing the unique user identifier and the user registration informationin a memory of the at least one computing device; and (4) providing theunique user identifier to the user; (c) receiving first registrationinformation from a first website; (d) after receiving the firstregistration information, registering the first website for a validationservice by the at least one processor; (e) receiving second registrationinformation from a second website; (f) after receiving the secondregistration information, registering the second website for thevalidation service by the at least one processor; (g) receiving theunique user identifier from the first website; (h) after receiving theunique user identifier from the first website: (1) applying thevalidation service, by the at least one processor, to obtain a firstvalidation result indicating what transaction activities the user canconduct on the first website; and (2) communicating the first validationresult to the first website; (i) receiving the unique user identifierfrom the second website; and (j) after receiving the unique useridentifier from the second website: (1) applying the validation service,by the at least one processor, to obtain a second validation resultindicating what transaction activities the user can conduct on thesecond website; and (2) communicating the second validation result tothe first website.

BRIEF DESCRIPTION OF THE DRAWINGS

Having thus described various embodiments of the invention in generalterms, reference will now be made to the accompanying drawings, whichare not necessarily drawn to scale, and wherein:

FIG. 1 is a flow diagram illustrating the registration process accordingto various embodiments of the invention.

FIG. 2 is a flow diagram illustrating the validation process accordingto various embodiments of the invention.

FIG. 3 is a schematic diagram illustrating a system architecture thatcan be used in conjunction with various embodiments of the presentinvention.

FIG. 4 is a schematic diagram illustrating an OSP server according tovarious embodiments of the invention.

FIG. 5A is a flow diagram of a registration module according to variousembodiments of the invention.

FIG. 5B is another flow diagram of a registration module according tovarious embodiments of the invention.

FIG. 6 is a flow diagram of a validation module according to variousembodiments of the invention.

FIG. 7 is a flow diagram of a self-exclusion check according to variousembodiments of the invention.

FIG. 8 is a flow diagram of a self-exclusion module according to variousembodiments of the invention.

FIG. 9 is a flow diagram of a behavior analysis module according tovarious embodiments of the invention.

FIG. 10 is a flow diagram of a chargeback module according to variousembodiments of the invention.

FIG. 11 is a flow diagram of an authorization module according tovarious embodiments of the invention.

FIG. 11A is a flow diagram of an authorization module according to otherembodiments of the invention.

FIG. 12 is a flow diagram of a settlement module according to variousembodiments of the invention.

FIG. 13 is a flow diagram of an ASP module according to variousembodiments of the invention.

DETAILED DESCRIPTION OF VARIOUS EMBODIMENTS OF THE INVENTION

Various embodiments of the present invention now will be described morefully with reference to the accompanying drawings, in which some, butnot all embodiments of the invention are shown. Indeed, this inventionmay be embodied in many different forms and should not be construed aslimited to the embodiments set forth herein. Rather, these embodimentsare provided so that this disclosure will satisfy applicable legalrequirements. Like numbers refer to like elements throughout.

Brief Overview

In general, various embodiments of the present invention involve systemsand methods providing services and mechanisms to online websites (andoperators thereof) for gathering information about individuals (e.g.,the users that the websites may engage in transaction activities with)and for facilitating the provision of restricted activities to theseusers. In addition, various embodiments of the present invention involvesystems and methods ensuring certain protections are maintained withregard to these transaction activities. In various embodiments, thesystems and methods provide a seamless user experience and a straightforward integration by the online website into its existing platform.Further, in various embodiments, the systems and methods provide suchservices and mechanisms as user registration, user validation, underagecontrols, jurisdiction controls, compulsive behavior controls,settlement functions, and tax identification and collection.

The various parties that may be involved in the systems and methodsdescribed herein include users, websites, and an online service provider(OSP). A “user” is an individual that requests to engage in one or moretransaction activities on one or more websites. A “website” is anInternet-based site owned and operated by an entity (e.g.,organization), who may also be referred to elsewhere herein as an“operator.” In some instances, a website may be a “restricted website”that provides restricted products and/or restricted services that may be“restricted” with respect to the users who may engage in/purchase suchproducts and/or services. As commonly known and understood in the art,websites generally contain a set of related web pages containing avariety of content, which is accessible from a simple Uniform ResourceLocator (URL), also referred to as the web address of the website. Withthat in mind, in some instances, where two or more independent websitesare referred to elsewhere herein, such should be understood to refer totwo distinct URL domain names (e.g., www.B.com and www.B.com), twodistinct URL subdomain names (e.g., www.A.com/one and www.A.com/two), orany of a variety of alternative distinct URLs, as may be desirable forparticular applications. Notably, however defined, the two or morewebsites may be, according to certain embodiments, independently ownedand operated. Of course, in still other embodiments, the two or morewebsites may be commonly owned and/or generally related, as may bedesirable for particular applications.

Thus, in various embodiments, the OSP provides services and mechanismsto a number of different websites and/or users conducting a variety ofdifferent transactions on a number of different websites. In manyinstances, websites (e.g., operators' systems) communicate directly withthe OSP (e.g., the OSP's system) to acquire particular services andmechanisms from the OSP. In other instances, users (e.g., computingdevices associated with the users) communicate directly with the OSP(e.g., the OSP's system).

Further, in various embodiments, third parties may be used by the OSPfor implementing several of the OSP's services. For instance, the OSPmay use third parties for such services as Geo-IP-location,know-your-customer provisions, digital fingerprint analysis, creditscoring, and mobile location services. Finally, in various embodiments,the OSP may interface with other systems such as, for instance, anaccounting service provider (ASP). In particular embodiments, the ASPprovides the OSP with such services as settlement of credit cardtransactions, reconciliation of transactions, generation ofreconciliation reports, and taxation services.

In various embodiments, many of the services and mechanisms provided bythe OSP may be broken down into two distinct processes: (1) registrationand (2) validation. In order for a user to engage in transactionactivities on particular Internet websites associated with the OSP, theuser may first need to register with the OSP, directly or indirectlythrough the website. In addition, in particular embodiments, in orderfor a user to engage in transaction activities on a particular Internetwebsite, the user may need to first open an account that is used on theparticular website. This is accomplished as an adjunct to theregistration process. In this manner, as will be described in furtherdetail below, the registration of an individual may serve multiplepurposes. For instance, in particular embodiments, the registration of auser may serve to facilitate and track the user's activities acrossmultiple websites. In other embodiments, the registration of a user mayserve to provide a validation of the user so that the user such that thewebsite may forego the need to undertake a full verification of the userprior to the occurrence of each restricted purchase, all as will bedescribed in further detail below.

According to various embodiments, websites may register with the OSP toparticipate in the verification and validation service. Accordingly, incertain embodiments, a website may refer a user who has not previouslysigned up to the OSP for registration and validation. In otherembodiments, for example, where the user is already registered, thewebsite may pass the user to the OSP for a fast and simple validation,via the user's unique user identifier, as will be described in furtherdetail below. In this manner, the OSP may then issue the website with asession identifier, which may comprise a certificate, both or either ofwhich may subsequently be embodied into the financial transaction asproof of compliance with the law.

Of course, in still other various embodiments, the registration of auser may serve both purposes. The OSP therefore can provide two types ofservice. First, in certain embodiments, the OSP may provide a whitelabel on behalf of service that is invisible to the user as theregistration pages carry the associated individual website's branding.This white label model according to various embodiments would betypically employed for websites that have account relationships with theuser or for websites that have recurring transactions by users. Second,the OSP may, in still other various embodiments, provide a branded userfacing service whereby the user will log directly into the OSP's websiteto register. In this model, on successful verification, the user may be,according to certain embodiments, issued with the unique user identifierand asked to choose a password. Such registration will enable the userto make purchases on participating websites via only a simple validationprocess. This OSP branded model would typically be employed acrossmultiple restricted-product merchant websites, all as will be describedin further detail below.

According to various embodiments, the validation process involvesvalidating what transaction activities a user may perform on aparticular website while the user is engaged in an interactive sessionwith the website. For example, these activities may include purchasingan item or service, depositing funds with the website, viewing media,playing games, placing wagers, withdrawing funds from the website, andsetting up limiting parameters and/or self-exclusion parameters inconnection with deterring potentially problematic behavior. Describedbelow are the registration and validation processes in general terms.Although these general descriptions of the processes are provided as anoverview of these processes, the descriptions immediately followingherein should not be construed to limit the scope of the claimedinvention.

FIG. 1 provides a general diagram of a registration process according tovarious embodiments. The process begins in certain embodiments with theuser visiting an operator's website over the Internet. For instance, theuser may be visiting a gambling website, a merchant website, or a mediawebsite for a particular operator. Once on the website, the user selectsan option to register with the website and invokes a registrationwebpage, shown as Step 101. According to various embodiments, thiswebpage may be hosted by the website or may be hosted by the OSP (e.g.,the user may be redirected to a website of the OSP and correspondingregistration webpage). The particular embodiment shown in FIG. 1displays the registration process in which the registration webpage ishosted by the OSP.

In various embodiments, the user may further be requested to enter ausername and/or password, shown as Step 102. For instance, in oneparticular embodiment, the registration webpage provides a text box forthe user to enter a username and a text box for the user to enter apassword. The user types in a username and password and selects the“enter” button on the webpage. The website's system may then check toensure the username is unique. That is, the website's system may checkto make sure the particular username entered by the user has not alreadybeen selected by another user. If the website's system determines theusername is not unique, the system may facilitate having the user entera new username and/or password. For instance, in one embodiment, thewebsite's system generates a message that appears on the webpageinforming the user that the username has already been used andrequesting a new username be entered. In other embodiments, the user maynot be required to enter a username and/or a password. For instance, inparticular embodiments, the user may be automatically or otherwiseprovided with some type of unique identifier that services as ausername. In these particular embodiments, the user may or may not berequested to provide a password to use along with the unique identifier.That being said, as will be described in further detail later, the userbenefits from being able to complete purchases with a simple validation,rather than repetitive and lengthy verifications across multiplewebsites.

Once the user has entered a valid username and password (if required),the website's system redirects the user to the OSP's system, shown asStep 103. For instance, in one embodiment, the website's systemredirects the user to a corresponding registration webpage hosted by theOSP's website. In Step 104, the OSP's system receives the user'susername. Further, in particular embodiments, the OSP's system alsoretrieves a fingerprint for the user's computing device being used toaccess the OSP's webpage. For instance, the system may retrieve the IPaddress being used by the user's device and/or the MAC address for theuser's device.

In Step 105 according to various embodiments, the OSP's system capturesadditional registration details from the user. For instance, in certainembodiments, the OSP's webpage requests the user to enter additionalinformation on the webpage, such as, for example, the user's full name,home address, telephone number, date-of-birth, gender, and socialsecurity number. Once the OSP's system has captured the additionalregistration details, the system undertakes to match these details withpublically held data and credit data. Through this process, oftentimesreferred to as “Know Your Customer,” the user will or will not beverified to predefined certainty standards. If the user is notsufficiently verified, the system, in certain embodiments, redirects theuser back to the website with an appropriate notification. If the useris verified, the system may then enter into an interactive session withthe user, whereby the user is asked a series of personal questions toconfirm that the user, who provided the registration data, is whom he orshe purports to be. According to various embodiments, this process isoftentimes referred to as “Knowledge Based Authentication”.

Remaining with the previous example, if, in accordance with variousembodiments, the user is confirmed, the OSP system will issue a uniqueuser identifier and may, in at least certain embodiments, request theuser to generate a password that meets predefined criteria. Thus, inthese and still other embodiments, the OSP's system redirects the userback to the registration webpage or a different webpage on the website,as shown as Step 106. When so redirected according to variousembodiments, the OSP's system further provides a notification of theunique user identifier, which the website will use on all futurecommunications for this user with the OSP. In certain of these and stillfurther embodiments, the website may ask the user to choose a passwordinstead of the OSP, as may be desirable for particular applications.

At this point, the OSP's system determines whether the registration ofthe user is successful, shown as Step 107. To accomplish this, invarious embodiments, the OSP's system conducts a number of checks basedon the registration information gathered about the user. For example, inone particular embodiment, the OSP's system conducts a location check todetermine whether the user is located in a jurisdiction in which thetypes of transaction activities associated with website are permitted.As is described in more detail below, the location check may be any oneof a geo-IP check system, a registration correlation system, a mobilelocator system, a wireless locator system, and/or a latency analysissystem, and the OSP's system may conduct one or more of these checksaccording to various embodiments.

At the conclusion of the checks, the OSP's system according to variousembodiments determines whether the user has successfully registered andsends a message to the website's system informing the system of theregistration result. In turn, the website's system informs the userwhether the user has successfully registered or not. For instance, inone embodiment, the system facilitates having a message appear on thecurrent webpage the user is on informing the user whether registrationwas successful or not. Further, in particular embodiments, the systemprovides the user and/or website with a unique user identifier for theuser. This may allow the website to request the OSP to validate apreviously registered user, who would utilize the user's unique useridentifier and password on subsequent visits by the user, therebyallowing the website to attach the unique user identifier to requestssent to the OSP's system. Therefore, if registration was successful, thewebsite's system creates a user account for the user, shown as Step 108and the user may benefit from being able to conduct subsequenttransactions with a simple validation process, as will be described infurther detail below, without the need for repetitive and lengthyregistrations and verifications.

In particular embodiments, as mentioned, the OSP's system generates aunique user identifier for the user upon determining the user'sregistration has been successful. Further, as mentioned, in particularembodiments, the unique user identifier may be used as the user'susername. As is described in greater detail below, this unique useridentifier is used in the OSP's system to associate with variousinformation (e.g., the user's registration information or subsequenttransaction history) and with various checks (e.g., the checks performedduring the registration process) stored in the OSP's system. Thus, thesystem can retrieve the various information and checks from systemstorage media by using the unique user identifier.

In various embodiments, the user's unique user identifier is alsoassociated with information gathered and checks performed with regard tothe user having visited multiple websites. For instance, in particularembodiments, when the user visits another website that is associatedwith the OSP (e.g., a restricted website), the user may simply use hisor her user account (e.g., unique user identifier) already issued by theOSP on the second website. Therefore, in this instance, the user ispassed to the OSP to enter his unique user identifier and password andthe OSP's system provides confirmation to the website that the user isvalidated to conduct transactions on the website. Thus, in particularembodiments, the user only needs to register once with the OSP andreceive a unique user identifier that may be used on multiple operators'websites in order to engage in activities on these websites. In otherwords, as will be described in further detail later, the user benefitsfrom being able to complete purchases with a simple validation, ratherthan repetitive and lengthy verifications across multiple websites.

However, in other embodiments, when the user visits the second website,the user may be required to register with the second website. In thiscase, the user is again redirected to the OSP's system (e.g., redirectedto a webpage hosted on the OSP's website). Similar to registering withthe first operator's website, the user is requested to provideregistration information. However, in these and still other embodiments,the OSP's system also compares the registration information witharchived registration information stored in the system's storage mediato determine whether the user associated with the registrationinformation may have already registered on another website (e.g., thefirst website). Therefore, in various embodiments, if the systemdetermines the user has already registered on another website, thesystem links the registration information gathered in connection withthe user registering on the second website with the user's unique useridentifier and archived information. As a result, the user'sregistration information and checks associated with multiple websitesare linked via the user's unique user identifier, thereby introducingstill further efficiency and accuracy within the various processes.

Further, in various embodiments, the system may also provide archivedinformation to the second website and/or may use the results of checkspreviously performed for the particular user. Although the providing ofarchived information and use of results of previously performed checkmay be contingent on the amount of time that has passed since thearchived information was gathered or the check was performed to ensurecircumstances have not changed with respect to the information and/orcheck. This can result in more efficient processing with respect to theOSP and the second website in various embodiments because the OSP'ssystem may not need to re-gather information and/or re-perform certainchecks for the user in connection to the user engaging in activity onthe second website. In addition, the second website may not need togather as much information from the user. As a result, such aregistration process may result in the use of less processing capacityand storage media on the OSP's system and/or the second website'ssystem.

Turning now to FIG. 2, a general diagram of the validation process isillustrated. According to various embodiments, the validation processbegins with the user visiting a website over the Internet in which theoperator is associated with the OSP. As shown in Step 201, in variousembodiments, the user may enter a username and/or password on a loginpage provided on the website. As explained in greater detail below, inparticular embodiments, the username may be the unique user identifierissued to the user by the OSP during a time the user registered with theOSP, although in other embodiments, the username may be otherwiseconfigured, as may be desirable for particular applications. Inresponse, the website's system validates the username and password,shown as Step 202. For instance, in certain embodiments, the website'ssystem stores various user's usernames and passwords in local storagemedia (such as a database) and the system confirms that the password isassociated with the username entered by the user by querying the localstorage media. In other embodiments, the website's system may query anexternal resource, such as the OSP's system, for example, to determinewhether the username and password entered by the user match.

Upon validation of the username and/or password entered by the user, thewebsite's system according to various embodiments redirects the user tothe OSP's system, shown as Step 203. Thus, similar to the registrationprocess, the website's system may redirect the user to a webpage hostedby the OSP. In turn, the OSP's system obtains the user's unique useridentifier (e.g., directly from the website or by using the usernameprovided by the user on the operator's website) and a device fingerprintfor the user's computing device, shown as Step 204. For instance, incertain embodiments, the OSP's system obtains the user's computingdevice's IP address.

In various embodiments, the OSP's system then performs a number ofchecks (similar to the checks described in regard to the registrationprocess) to validate whether and what transaction activities the usermay be allowed to participate in on the website, shown as Step 205. Forexample, the OSP's system may validate that the user is located in ajurisdiction (based on the user's computing device's IP address) inwhich the user is allowed to place a wager in a gambling activity beingplayed on the website. Further, in particular embodiments, the OSP'ssystem may request additional information from the user in performingone or more of these checks and/or may use results of previous checksperformed for the user. In addition, in particular embodiments, theOSP's system may be able to bypass certain checks because these checkswere previously performed during the registration or a previousvalidation process for the user, as will be described in further detailbelow. Such capabilities may streamline the validation process and mayresult in the use of less processing capacity and storage media on theOSP's system. Thus, at the end of this step, the OSP's system hasvalidated whether and what transaction activities the user can engage inwhile on the website.

In Step 206, the OSP's system issues a session identifier for the user'sparticular interactive session with the website and directs the userback to the website along with the session identifier. In variousembodiments, this session identifier is associated with the user (e.g.,user's unique identifier), the website, and the list of transactionactivities the OSP's system has validated the user can engage in whileon the website. Therefore, upon receiving the session identifier fromthe OSP's system, the website's system completes the login for the userso that he may engage in transaction activities on the website, shown asStep 207. Still further, in any of these and still other embodiments,the assignment of a session identifier will permit the user to undertakemultiple transactions during the log on period, all of which areapproved through a single validation.

According to various embodiments, when the user requests to engage in aparticular transaction activity or series of activities on the website(e.g., request to purchase a good, request to view a video, or requestto place a wager), the website's system and/or website confirms that theuser has been validated to engage in the particular activity oractivities based on the issued session identifier. In certainembodiments, information is included along with the session identifieron the transaction activities the user has been validated to engage inon the website. Therefore, in this particular embodiment, the website'ssystem and/or website reference the information to determine whether theuser has been validated to engage in the particular activity oractivities. In other embodiments, the website's system submits a requestto the OSP's system to verify the user has been validated to engage inthe particular activity or activities. In these and still otherembodiments, the request includes information on the particular activityor activities and the session identifier. The OSP's system then uses thesession identifier to determine whether the user has been validated toengage in the particular transaction activity or activities and reportsits determination back to the website's system and/or website. Further,in still other embodiments, the OSP's system and/or the website's systemrecord any transaction activities requested/performed by the user (andassociated information) along with the session identifier.

According to various embodiments, the session identifier remains“locked” to the user as long as the user remains engaged in theinteractive session with the particular website. Therefore, anytransaction activities requested by the user during the particularinteractive session are validated and recorded with respect to theparticular session identifier issued for the particular interactivesession. The recordation may be carried out by the OSP and/or thewebsite depending on the embodiment. Further, in particular embodiments,the session identifier is associated with the user's computing device'sIP address and/or a connection token. This minimizes the chance ofsomeone “hijacking” the user's interactive session to try andimpersonate the user on the website. Thus, as a result, in variousembodiments, the validation process provides an efficient and effectiveway to validate the transaction activities a user can engage in whileinvolved in an interactive session with an Internet website. Stillfurther, in certain embodiments, the validation process may issue acertificate within or alongside the session identifier, wherein at leastthe certificate (and oftentimes the session identifier itself) may beembedded within purchase transaction data as proof that the user wasvalidated for conducting the activity. As will be described in furtherdetail below, in these and still other embodiments, such featuresprovide a heightened degree of not only efficiency, but also securityand confidence for the various parties involved with any of a variety oftransactions.

Methods, Apparatus, Systems, and Computer Program Products

As should be appreciated, the embodiments may be implemented in variousways, including as methods, apparatus, systems, or computer programproducts. Accordingly, the embodiments may take the form of an entirelyhardware embodiment or an embodiment in which a processor is programmedto perform certain steps. Furthermore, the various implementations maytake the form of a computer program product on a computer-readablestorage medium having computer-readable program instructions embodied inthe storage medium. Any suitable computer-readable storage medium may beutilized including hard disks, CD-ROMs, optical storage devices, ormagnetic storage devices.

Particular embodiments are described below with reference to blockdiagrams and flowchart illustrations of methods, apparatus, systems, andcomputer program products. It should be understood that each block ofthe block diagrams and flowchart illustrations, respectively, may beimplemented in part by computer program instructions, e.g., as logicalsteps or operations executing on a processor in a computing system.These computer program instructions may be loaded onto a computer, suchas a special purpose computer or other programmable data processingapparatus to produce a specifically-configured machine, such that theinstructions which execute on the computer or other programmable dataprocessing apparatus implement the functions specified in the flowchartblock or blocks.

These computer program instructions may also be stored incomputer-readable memory that can direct a computer or otherprogrammable data processing apparatus to function in a particularmanner, such that the instructions stored in the computer-readablememory produce an article of manufacture including computer-readableinstructions for implementing the functionality specified in theflowchart block or blocks. The computer program instructions may also beloaded onto a computer or other programmable data processing apparatusto cause a series of operational steps to be performed on the computeror other programmable apparatus to produce a computer-implementedprocess such that the instructions that execute on the computer or otherprogrammable apparatus provide operations for implementing the functionsspecified in the flowchart block or blocks.

Accordingly, blocks of the block diagrams and flowchart illustrationssupport various combinations for performing the specified functions,combinations of operations for performing the specified functions andprogram instructions for performing the specified functions. It shouldalso be understood that each block of the block diagrams and flowchartillustrations, and combinations of blocks in the block diagrams andflowchart illustrations, can be implemented by special purposehardware-based computer systems that perform the specified functions oroperations, or combinations of special purpose hardware and computerinstructions.

Exemplary System Architecture

FIG. 3 provides an illustration of a system architecture 300 that can beused in conjunction with various embodiments of the present invention.The architecture 300 includes a plurality of users' computing devices301 in communication with a plurality of website platforms 303. Eachuser's computing device 301 may be a device such as a desktop computer,notebook or laptop, personal digital assistant (PDA), tablet, cellphone, or other processing device. In various embodiments, each websiteplatform 303 comprises a web server and supporting system components(such as, for example, an application server). The web server deliversweb pages to browsers as well as other data files to web-basedapplications and includes the hardware, operating system, web serversoftware, TCP/IP protocols and site content (web pages, images and otherfiles). Thus, a user engages in transaction activities with an operatorby using a browser residing on the user's computing device 301interacting with various web pages hosted by the operator's websiteplatform 303 over the Internet.

In various embodiments, a plurality of operators' systems 302 are inelectronic communication with the website platforms 303 and the websiteplatforms 303 are in electronic communication with the OSP's system 304.However, in other embodiments, the operators' systems 302 are inelectronic communication with the OSP's system 304. Any electroniccommunication described herein may be over one or more wireless or wirednetworks such as a wired or wireless Personal Area Network (“PAN”),Local Area Network (“LAN”), Metropolitan Area Network (“MAN”), Wide AreaNetwork (“WAN”), the Internet, or the like. In addition, in variousembodiments, the OSP's system 304 may make use of an applicationprogramming interface (API) module to interface with the websiteplatforms 303 and/or websites' systems 302. (As shown in FIG. 3, theOSP's system 304 may also make use of API modules to interface withother components of the system architecture 300.) As described in moredetail below, the OSP's system 304 may include one or more hardware andsoftware components such as servers, storage media, routers, gateways,and corresponding software.

In addition, the OSP's system 304 may interface with other systems andcomponents. For instance, as shown in FIG. 3, the OSP's system 304 isalso in communication with a system for an accounting service provider(ASP) 305. As previously mentioned, in particular embodiments, the ASPprovides the OSP with such services as settlement of credit cardtransactions, reconciliation of transactions, and generation ofreconciliation reports. Further shown in FIG. 3, the ASP's system 305may be in electronic communication with one or more accounts 306controlled by the ASP. As is described in further detail below, theseaccounts 306 are used to hold funds for various obligations that are aresult of the settlement process. In addition, the ASP's system 305 maybe in communication with one or more storage media 307 storing taxjurisdiction information. For instance, in various embodiments, thestorage media 307 and other storage media described herein may be one ormore types of media such as hard disks, magnetic tapes, or flash memory.Further, the storage media 307 may include one or more databases. Theterm “database” refers to a structured collection of records or datathat is stored in a computer system, such as via a relational database,hierarchical database, or network database.

In various embodiments, the OSP's system 304 may also be in directcontact with one or more storage media, such as the self-exclusionstorage 308 depicted in FIG. 3. Similar to the storage media 307 incommunication with the ASP's system 305, the self-exclusion storage 308may be one or more types of media such as hard disks, magnetic tapes, orflash memory along with supporting components and may include one ormore databases. As is described in greater detail below, theself-exclusion storage 308 stores information on limits, restrictions,and/or exclusions placed on individual users with regard to engaging intransaction activities on websites.

Further, in various embodiments, the architecture 300 includes one ormore service systems in communication with the OSP's system 304. Forinstance, the architecture 300 depicted in FIG. 3 includes ajurisdiction database 309, a mobile location clarification system 310, adevice fingerprint system 311, a know-your-customer (KYC) system 312, aGeo-IP system 313, and a credit agency system 314. As is described ingreater detail below, in particular embodiments, these systems areassociated with different third parties and provide mechanisms for thevarious checks performed in the registration and validation processes.For instance, in a particular embodiment, the device fingerprint system311 is contacted by the OSP's system 304 to capture the active devicefingerprint of a user's computing device 301 on which the user iscurrently interacting with a website.

It should be noted that the architecture 300 shown in FIG. 3 is forillustrative purposes only and should not be construed as the onlyarchitecture that may be employed in practicing the claimed invention.For instance, in various embodiments, the architecture 300 may includeor exclude one or more service systems. For example, in one embodiment,the OSP's system 304 may include the functionality provided by thedevice fingerprint system 311. Therefore, when such is the case, thearchitecture 300 may not include this system 311. Thus, FIG. 3illustrates the various systems and components according to oneconfiguration of the architecture 300 however the various embodimentsare not limited to this particular architecture 300.

OSP Server

As previously mentioned, the OSP's system 304 may, according to variousembodiments, include one or more servers. Thus, FIG. 4 provides aschematic of a server that may reside in the OSP's system 304 accordingto one embodiment of the present invention. The term “server” is usedgenerically to refer to any computer, computing device, desktop,notebook or laptop, distributed system, server, gateway, switch, orother processing device adapted to perform the functions describedherein. As is understood from this figure, in this embodiment, theserver 400 includes a processor 405 that communicates with otherelements within the server 400 via a system interface or bus 461. Theprocessor 405 may be embodied in a number of different ways. Forexample, the processor 405 may be embodied as various processing meanssuch as a processing element, a microprocessor, a coprocessor, acontroller or various other processing devices including integratedcircuits such as, for example, an application specific integratedcircuit (“ASIC”), a field programmable gate array (“FPGA”), a hardwareaccelerator, or the like. In an exemplary embodiment, the processor 405may be configured to execute instructions stored in the device memory orotherwise accessible to the processor 405. As such, whether configuredby hardware or software methods, or by a combination thereof, theprocessor 405 may represent an entity capable of performing operationsaccording to embodiments of the present invention while configuredaccordingly. A display device/input device 464 for receiving anddisplaying data is also included in the server 400. This displaydevice/input device 464 may be, for example, a keyboard or pointingdevice that is used in combination with a monitor. The server 400further includes memory 463, which may include both read only memory(“ROM”) 465 and random access memory (“RAM”) 467. The server's ROM 465may be used to store a basic input/output system (“BIOS”) 426 containingthe basic routines that help to transfer information to the differentelements within the server 403.

In addition, in one embodiment, the server 403 includes at least onestorage device 468, such as a hard disk drive, a CD drive, and/or anoptical disk drive for storing information on various computer-readablemedia. The storage device(s) 468 and its associated computer-readablemedia may provide nonvolatile storage. The computer-readable mediadescribed above could be replaced by any other type of computer-readablemedia, such as embedded or removable multimedia memory cards (“MMCs”),secure digital (“SD”) memory cards, Memory Sticks, electrically erasableprogrammable read-only memory (“EEPROM”), flash memory, hard disk, orthe like. Additionally, each of these storage devices 468 may beconnected to the system bus 461 by an appropriate interface.

Furthermore, a number of program modules (e.g., set of computer programinstructions) may be stored by the various storage devices 468 and/orwithin RAM 467. Such program modules may include an operating system480, a registration module 500, a validation module 600, aself-exclusion module 800, a behavior analysis module 900, a chargebackmodule 1000, an authorization module 1100, a settlement module 1200, andan ASP module 1300. These modules 500, 600, 800, 900, 1000, 1100, 1200,and 1300 may control certain aspects of the operation of the server 400with the assistance of the processor 405 and operating system 480,although their functionality need not be modularized.

Also located within the server 400, in one embodiment, is a networkinterface 474 for interfacing with various computing entities. Thiscommunication may be via the same or different wired or wirelessnetworks (or a combination of wired and wireless networks), as discussedabove. For instance, the communication may be executed using a wireddata transmission protocol, such as fiber distributed data interface(“FDDI”), digital subscriber line (“DSL”), Ethernet, asynchronoustransfer mode (“ATM”), frame relay, data over cable service interfacespecification (“DOCSIS”), or any other wired transmission protocol.Similarly, the server 400 may be configured to communicate via wirelessexternal communication networks using any of a variety of protocols,such as 802.11, general packet radio service (“GPRS”), wideband codedivision multiple access (“W-CDMA”), or any other wireless protocol.

Of course, it will be appreciated that one or more of the server's 400components may be located remotely from other server 400 components.Furthermore, one or more of the components may be combined andadditional components performing functions described herein may beincluded in the server 400.

Additional Exemplary System Components

The users' computing devices 301 and servers that may reside in othersystems depicted in the architecture 300 shown in FIG. 3 may eachinclude components and functionality similar to that of the OSP server400. For example, in one embodiment, each of the entities may include:(1) a processor that communicates with other elements via a systeminterface or bus; (2) a display device/input device; (3) memoryincluding both ROM and RAM; (4) a storage device; and (5) a networkinterface. These architectures are provided for exemplary purposes onlyand are not limiting to the various embodiments. The term “computingdevice” is used generically to refer to any computer, computing device,desktop, notebook or laptop, distributed system, server, gateway,switch, or other processing device adapted to perform the functionsdescribed herein.

Exemplary System Operation

Reference will now be made to FIGS. 5A-13, which illustrate operationsand processes as produced by various embodiments of the invention. Forinstance, FIGS. 5A and 5B provide flow diagrams of a registration module500 that registers users with various websites and with the OSPaccording to various embodiments. FIG. 6 provides a flow diagram of avalidation module 600 that validates the transaction activities a usercan conduct on a website during an interactive session on the websiteaccording to various embodiments. FIG. 8 provides a flow diagram of aself-exclusion module 800 that facilitates a user settinglimits/restrictions on the transaction activities the user can engage inwhile interacting with one or more websites and/or excluding the userfrom engaging in one or more transaction activities on the one or morewebsites according to various embodiments. FIG. 9 provides a flowdiagram of a behavior analysis module 900 that is configured to analyzevarious transaction activities conducted by users over multiplewebsites, to identify norms of behavior with respect to the transactionactivities conducted on the websites, to identify potentially problemusers as users whose behavior deviates from the identified norms, and tomonitor deviation from norms and changes in individual user behaviorover time according to various embodiments. FIG. 10 provides a flowdiagram of a chargeback module 1000 that is configured to facilitateproviding information associated with a chargeback request received by awebsite for a transaction activity the user has conducted on the websiteaccording to various embodiments. FIG. 11 provides a flow diagram of anauthorization module 1100 that is configured to facilitate a websiteseeking authorization for a purchase to a user's credit card accordingto various embodiments. FIG. 11A also provides a flow diagram of theauthorization module 1100 according to other embodiments. FIG. 12provides a flow diagram of a settlement module 1200 that is configuredto facilitate settlement of transaction activities for a particularwebsite according to various embodiments. FIG. 13 provides a flowdiagram of an ASP module 1300 that is configured to facilitatedispersing settlement funds from transaction activities according tovarious embodiments. These modules 500, 600, 800, 900, 1000, 1100, 1200,and 1300 are described in greater detail below.

Registration Module for Registration Directly with OSP

As previously described herein, in various embodiments, the OSP server400 may include a branded registration module 500 that is configured toregister users directly with the OSP. Once registered in accordance withthis model, the user may, in certain embodiments, use this registrationto engage in activities on one or more of the websites associated withthe OSP (e.g., purchasing restricted goods and/or services, experiencingmedia such as a video, or placing a wager). Typically, in these andstill other embodiments, a user will arrive at a registration webpageeither by visiting the OSP's branded webpage directly, or by accessingthe webpage through an operator's website and being redirected to theOSP's branded webpage. For instance, in at least one embodiment, theuser may visit a website branded and hosted by the OSP over the Internetand may directly therefrom access the registration webpage. In otherembodiments, the user may first visit an operator's website over theInternet and be redirected to the registration webpage for the OSP.

Accordingly, FIG. 5A illustrates a flow diagram of the registrationmodule 500 according to various embodiments. This flow diagram maycorrespond to the steps carried out by the processor 405 in the OSPserver 400 shown in FIG. 4 as it executes the module 500 in the server'sRAM memory 467 according to various embodiments.

According to various embodiments, the user visits a website branded andhosted by the OSP and selects an option on the website to register withthe OSP. In these embodiments, once the user is registered, he can visitthe OSP webpage that lists all participating websites and be redirectedto a website of his choice and engage in a transaction without furtherneed for validation. The OSP's system will provide a session certificate(as will be described in further detail below) to the website, which canbe added to a credit card transaction. In other embodiments, the uservisits an operator's website and selects an option on the website toregister and is directed to the OSP's webpage. In response, the OSP'swebsite directs the user to a registration webpage either branded withthe operator's website brand or with the OSP's brand, depending on theservice proposition desirable for particular applications.

According to various embodiments, the OSP's system 304 is alsoconfigured to retrieve (or the website platform 303 provides) one ormore device fingerprints for the computing device 301 the user is usingto interact with the website. According to certain embodiments, the oneor more device fingerprints may include such indicators as the IPaddress being used by the user's device 301 to communicate with thewebsite and/or some various pieces of data concerning the configurationof the device 301, or hardware identifiers on the device 301, touniquely identify the device 301, such as the device's MAC address orother unique hardware serial numbers.

Therefore, in these and still other embodiments, the registrationprocess begins with the registration module 500 capturing the devicefingerprint, as shown as Step 502A. In particular embodiments, theregistration module 500 invokes a location check in response toreceiving the user's device fingerprint (e.g., device's IP address),shown as Step 503A. As is described in further detail below, thelocation check may be any one or more of a geo-IP check system, aregistration correlation system, a mobile locator system, a wirelesslocator system, and/or a latency analysis system. Still further, incertain embodiments, the location check may be performed by a thirdparty provider or by third party software loaded onto the OSP's system.

In any of these and still other embodiments, however, it should beunderstood that the location check involves at least identifying thephysical location of the user's device based on the fingerprint.Therefore, the registration module 500 provides the device fingerprintto the third party provider and the provider returns the location of theuser's device 301 to the registration module 500. The location may beaccurate to various degrees depending on the embodiment. For instance,the location may be accurate to the national level, the state level, thecity/town/area level, and/or within a certain number of feet, alldepending on the third party provider's capability and the degree ofaccuracy desired for particular applications. For example, certainembodiments, may require reasonable assurance of the precise location ofthe user, down to 500 feet or less, as may be desirable in, for example,online gambling operations.

Further, in various embodiments, the third party provider's locationcheck system/service may be hosted within the OSP's system 304. Such aconfiguration can, amongst other benefits, help to ensure quickerresponse times from the third party provider when a request is made fora location. The same applies to other third party providers of variousservices, all as will be described in further detail below Of course, itshould be further understood that in any of these and still otherparticular embodiments, the registration module 500 is configured tostore the location returned by the third party provider in some type ofstorage media (either local or external) so that the location can beretrieved for later reference, whether by the registration module orotherwise, as may be desirable for particular applications.

In Step 504A, the registration module 500 according to variousembodiments captures additional registration details from the user. Inparticular embodiments, the user may enter the details on the initialregistration webpage or may be directed to a different webpage thatprovides fields requesting the additional registration details. Theadditional registration details may include a variety of differentinformation according to various embodiments. For instance, such detailsmay include the user's full name, email address, date-of-birth, gender,home address, landline telephone number, mobile telephone number, socialsecurity number, driver's license number and state or country, anddevice fingerprint. In addition, some of these details may be mandatorysuch as full name, email address, date-of-birth, gender, and homeaddress. Further, the registration details may indicate what types oftransaction activities the user wishes to register for so that the usermay engage in such activities on the websites associated with the OSP.In still other embodiments, the website registration process may recordthe type of goods sold, and also allocate a merchant category codethereto. In this way the user validation service in these variousembodiments will efficiently and accurately apply any specific legalrequirements applicable to such goods and/or that the jurisdictions,where the website and/or the user are located, as may be desirable forparticular applications.

In Step 505A, the registration module 500 according to variousembodiments, may be configured to validate one or more parts of theadditional registration details. For instance, in certain embodiments,the registration module 500 validates the email address, driver'slicense number, social security number, and home address provided by theuser are in correct format. In these and still other embodiments, if theregistration module 500 determines one or more of these particularpieces of information are not in the correct format, the registrationmodule 500 may request the user to re-enter the information in thecorrect format.

Remaining with FIG. 5A, in Step 506A, the registration module 500according to various embodiments performs a look-up against ajurisdiction database 309 to identify the types of transactionactivities the user may engage in for the jurisdiction in which the useris located. For instance, in certain embodiments, the registrationmodule may use the location of the user identified from the devicefingerprint and/or the address provided by the user to perform thelookup against the jurisdiction database 309. In particular embodiments,the database 309 may include a mapping of locations versus legality toengage in certain transaction activities in the locations, includingregistration. Thus, in various embodiments, the legality of engaging intransaction activities on a particular operator's website may bedependent on the types of transaction activities that may be conductedon the website. For instance, the types of transaction activities mayinvolve the purchasing of restricted goods such the non-limitingexamples of alcohol, fire arms, and/or adult materials or may involveengaging in activities such as gambling or viewing restricted material.Still further non-limiting examples may comprise tobacco-containingproducts, alcohol-containing products, weapon-oriented products,drug-oriented products, adult-oriented products, and explosive-orientedproducts.

Further, in various embodiments, the database 309 may be stored locallyon one or more storage media within the OSP's system 304 or storedexternally from the OSP's system 304. Thus, in particular embodiments,the lookup performed by the registration module 500 returns a resultstipulating the types of transactions the user may engage in based onthe location of the user. In embodiments in which the user hasidentified certain transaction activities to register for, theregistration module 500 confirms the results returned from the look upinclude such transaction activities, shown as Step 507A. If the resultsdo not include the identified transaction activities, the registrationmodule 500 may end the registration process and inform the websiteand/or the user that the user may not register to engage in suchactivities, shown as Step 508A.

As a non-limiting example, according to various embodiments, theregistration module 500 checks the date-of-birth entered by the user toensure the user is over the relevant age for the user's jurisdiction,for the identified transaction activities, and/or for a particularminimum age set by the website. For instance, in certain embodiments,the registration module 500 queries one or more external data sources(such as the department of motor vehicles for the state in which theuser resides) to verify the user has entered his correct date-of-birthon the registration screen. Once the registration module 500 hasverified the user's date-of-birth, the registration module 500determines whether the user's age is over the required age for theuser's jurisdiction for the identified transaction activities, as shownas Step 509A. Such determination may limit the types of transactions theuser may be able to engage in on various websites.

Further, in embodiments in which the user or website has identifiedcertain transaction activities for the user to register for, theregistration module 500 may confirm whether the user is of the properage to engage in such transaction activities. If not, the registrationmodule 500 may end the registration process and inform the websiteand/or user that the user may not register to engage in such activities,shown as Step 510A. Still further, in any of these and still otherembodiments, the registration module 500 may save an age verificationidentifier along with the user's registration information. Thisidentifier may be referenced and/or provided to other websites (e.g.,during the registration/validation processes of the user on the otherwebsites) to verify that the user's age has been determined andconfirmed.

As described in further detail below, in various embodiments, the OSP(and in particular instances, participating websites) provides userswith the opportunity to set limits/restrictions for and/or tovoluntarily exclude (e.g., self-exclude) themselves from being able toengage in one or more transaction activities on one or more of theparticipating websites. Such a mechanism may be helpful in controllingand/or proactively preventing and/or identifying compulsive behavior bylimiting the type and/or amount of transaction activities a user mayengage in on one or more websites and/or by all-together restricting theuser from engaging in transaction activities on one or more websites.For instance, in at least one embodiment, the OSP's website may providethe website with the ability for the user to set limits/restrictions forthe user and/or to exclude the user from engaging in transactionactivities on one or more participating websites.

As yet another non-limiting example, the OSP may according to variousembodiments provide the user with one or more webpages on which the usercan enter limits on the amount of money the user is allowed to spend,deposit, and/or wager within a single interactive session with one ormore websites and/or over a defined period of time. Further, the usermay indicate on one of the webpages to exclude the user from engaging inany transaction activities on one or more of the participating websites.Alternatively the OSP system can be, in these and still otherembodiments, configured to automatically exclude the user from alllicensed operators' websites when the user elects self-exclusion at oneoperator's website. In particular embodiments, the externally imposedand/or user imposed limits/restrictions/exclusions and supportinginformation are stored in one or more exclusion databases 308 within orexternal to the OSP's system 304, as will be described in further detailbelow. In at least one embodiment, the OSP may be further configured tosearch and/or post data to the one or more exclusion databases, as maybe desirable for particular applications, upon receipt of pertinentexclusion data for one or more users. In other embodiments, the OSP maybe configured to receive on-line exclusion data from multiple websitesand from government bodies at Federal, State and Tribal levels, inresponse to which that data is stored and updated periodically.According to these and still other embodiments, the systems and methodsmay likewise receive on-line look up requests from websites and conductssearches against user data to determine if a user is excluded, as may bedesirable for particular applications.

Thus, in Step 511A, the registration module 500 according to variousembodiments performs a lookup in the self-exclusion database 308 basedon one or more pieces of information obtained during the registrationprocess to determine whether the user has previously requested to beexcluded from being able to engage in any types of transactionactivities on the participating websites. (The self-exclusion checkaccording to various embodiments is explained further in FIG. 7 below.)In Step 512A, if the registration module 500 determines from the lookupthat the user has requested to be excluded from engaging in certaintransaction activities, the registration module 500 may further limitthe types of transactions the user may be able to engage in on variouswebsites. In addition, in embodiments in which the user or website hasidentified certain transaction activities to register for, theregistration module 500 determines whether the user has self-excludedfrom engaging in such transaction activities. If so, the registrationmodule 500 may end the registration process and inform the websiteand/or the user that the user has been excluded from engaging in suchactivities, shown as Step 513A. Further, this step of the process mayinvolve a lookup on one or more “black lists” to see if the user hasbeen excluded from registration for some other reason besidesself-exclusion, such as being a convicted criminal, or any of a varietyof externally-imposed exclusion criteria, as will be described infurther detail below.

Continuing with the registration process, in Step 514A according tovarious embodiments, the registration module 500 performs one or morefraud checks to attempt to prevent organized fraud from occurring on thewebsite. For instance, in certain embodiments, this step includes theregistration module 500 performing a “velocity” check to determinewhether any registration attempts received within a settable predefinedtime period (e.g., within the last sixty minutes) includes duplicateand/or similar registration information. Further, in particularembodiments, this step includes the registration module 500 monitoringthe device fingerprints (e.g., IP addresses) received along with theregistration attempts to determine whether there are duplicateregistration attempts originating from a particular device fingerprint.If the registration module 500 detects possible fraud from any check,the module 500 may end the registration process for the user and/or mayrecord the potential fraudulent attempt (along with the registrationinformation) for future referral. Therefore, in any of these and stillother embodiments, the OSP may include fraud checks on its system 304 toattempt to prevent its system 304 from being “flooded” with fraudulentattempts that may affect the performance of the system 304.

At this point, the registration module 500 stores the registrationinformation in storage media located either within or outside of theOSP's system 304, as shown as Step 515A according to variousembodiments. In addition, in particular embodiments, the registrationmodule 500 queries the information stored for existing users alreadyregistered with the OSP to determine whether the user already has anexisting account, shown as Step 516A. For instance, in one embodiment,the registration module 500 searches the information stored for existingusers based on a combination of one or more of email address, full name,home address, telephone number, and/or date-of-birth entered by theuser. If the registration module 500 determines the user's registrationinformation matches information for an existing user (e.g., determinesan account already exists for the user), the registration module 500ends the registration process and informs the user, shown as Step 517A.Alternatively or additionally, according to any of these and still otherembodiments, the information match may relate to an account at anotheroperator's website and may expedite the registration of the user at asecond operator's website.

In contrast, if, according to various embodiments, the registrationmodule 500 determines the user does not have an existing account, theregistration module 500 performs a “Know-Your-Customer” (KYC) check toverify the identity of the user, shown as Step 518A. In certainembodiments, the KYC check involves the registration module 500contacting a third party provider to verify the user's identity. As isdescribed in further detail below, this may involve the registrationmodule 500 providing a single submission of registration information tothe third party provider and providing a dialogue type of submission ofregistration information to the third party provider in variousembodiments (e.g., submitting information, receiving a response, andrequesting subsequent information from the user). For instance, theregistration module 500 submits initial registration information to thethird party provider. In response, the third party provider confirms theinitial registration information matches to other available informationsuch as publicly held information or credit information. For example,the third party provider confirms the user provided his correct driver'slicense number by comparing the number with available records for thedepartment of motor vehicles for the appropriate state.

In various embodiments in which the third party is unable to match theuser's initial registration information with information from the one ormore data sources, the third party provider requests additionalinformation from the user to use in obtaining a match for the user withthe one or more data sources. In these particular instances, the thirdparty provider may send an indicator to the registration module 500 asto whether the user's details were matched along with a request foradditional information. Thus, in Step 519A, the registration module 500determines if the third party was able to match the user's details. Ifthe registration module 500 determines the third party provider wasunable to match the user's details, the registration module 500 requestsadditional information from the user, shown as Step 520A. For instance,in one embodiment, the registration module 500 requests the user toprovide information for optional questions in which the user did notoriginally provide an answer for. The user provides the answers to thequestions and the registration module 500 forwards the answers to thethird party provider. As a result, the third party provider can use theadditional information provided in the answers to increase theprobability of matching the user's details with information found in theone or more data sources. For example, the third party provider may beunable to establish a match for the user based on the user's name andaddress. The third party provider may then request the user's socialsecurity number to improve the likelihood of finding a match for user'sdetails with information stored in the one or more data sources.

According to various embodiments, if the third party provider is able tomatch the user's details with information found in the one or more datasources, the process continues with the registration module 500 askingone or more questions formulated to verify the user providing theinformation is actually the user registering with the OSP, shown as Step521A. This may be referred to as knowledge based authentication (“KBA”).In certain embodiments, these questions are based on details only theuser, as identified, would normally be able to provide. For instance, apossible question may be to have the user provide a date-of-birth forhis spouse and/or his mother's maiden name. In particular embodiments,the registration module 500 may formulate the questions, while in otherembodiments the third party provider may formulate and provide thequestions. The answers to the questions are then used by the third partyprovider to determine whether the answers are correct by authenticatingthe answers using the user's details from the one or more data sourcesand thus verifying the user providing the information is actually theuser registering with the OSP. Further, in particular embodiments, theregistration module 500 stores the results of the Know Your Customer(“KYC”) and/or Knowledge Based Authentication (“KBA”) check(s), shown asStep 522A.

Therefore, in Step 523A according to various embodiments, theregistration module 500 determines whether the user has passed the KYCcheck. For instance, in certain embodiments, the registration module 500makes this determination by evaluating whether the information providedby the user and the details obtained from the data sources correlate(e.g., whether the information provided by the user adequately matchesthe details obtained from the data sources). While in other embodiments,the registration module 500 receives some indication from the thirdparty provider whether the user's identity has been authenticated. Ifthe registration module 500 determines the user's identity has not beenauthenticated (e.g., the KYC check failed), the registration module 500ends the registration process, shown as Step 524A. Thus, in particularembodiments, the registration module 500 sends an indication to thewebsite and/or the user that the user's identity could not beauthenticated. However, if the registration module 500 determines theuser's identity has been authenticated, the module 500 issues a uniqueuser identifier to the website or to particular user, shown as Step525A. As is described in greater detail below, this unique useridentifier is unique within the OSP's system 304 and is associated withthe user along with any information (e.g., one or more accounts) storedin the system 304 for the user.

In various embodiments, the registration module 500 may wait to performthis step until the entire registration process has successfullycompleted and the module 500 has not encountered a failure within theprocess. However, in other embodiments, the registration module 500 mayperform this step earlier in the registration process so that anyinformation obtained and/or failures/successes of various checks may bestored along with the unique identifier at the time the informationand/or results for the checks are obtained by the registration module500 so that such information/failures/successes may be referenced at alater time. (However, it should be noted that the registration module500 may be configured in various embodiments to associate theinformation/failures/successes with the unique user identifier at alater time in the process such as at the successful completion ofregistration.) According to various embodiments, the unique useridentifier may be any one of a number of different types of identifiers.For instance, in one embodiment, the unique user identifier isrepresented as an alphanumeric value.

Once the registration module 500 has issued the user a unique useridentifier, the module 500 may request the user to provide a password toassociate with the identifier in particular embodiments. Of course, inother embodiments, the module 500 may generate a password along with theunique user identifier. In still other embodiments, the website maygenerate the password and possibly a user name for the user, and thatdata will be linked to the unique user identifier provided by the OSPregistration module, as may be desirable for particular applications.

In various embodiments, the registration module 500 may request the userto register a credit card with the OSP. Once registered, the credit cardmay be used by the user for certain transaction activities such asmaking purchases on a website and/or depositing funds with a website.Further, in particular embodiments, the credit card may be used by thewebsite to make payments to the user such as, for example, payingwinnings to the user as a result of gambling activities. Therefore, inStep 526A, the registration module 500 captures credit card details fromthe user. For instance, this step may entail the user being presentedwith one or more webpages on which to provide the appropriateinformation such as the type of credit card, the credit card number, thename on the card, the billing address, and the expiration date for thecredit card.

In addition, in various embodiments, the registration module 500 mayencrypt one or more pieces of the credit card information before storingthe information. The OSP's system in these and still other embodimentswill generally be PCI compliant. However, if the website is not PCIcompliant, the OSP system will generate a token identifier for thecredit card to pass to the website, thereby obviating the need for thewebsite to go through the expensive process of becoming PCI compliantand maintaining it.

If for some reason the user does not have a valid credit card toregister, in various embodiments, the registration module 500 mayaccording to various embodiments refer the user to a credit card issuer,shown as Step 527A. Thus, in certain embodiments, the registrationmodule 500 may be in communication with one or more third partyproviders (e.g., credit card issuers) and the registration module 500directs the user to a website associated with one of the credit cardissuers so that the user may “sign up” for a credit card with the creditcard issuer. Once the user has signed up for the card and has obtainedthe card (e.g., credit card number), the user may be redirected back tothe registration process and associated webpages for entering theinformation for the credit card at Step 526A.

Further, in particular embodiments, the registration module 500 mayacquire a credit score for the user, shown as Step 528A. Similar toother registration steps, in these embodiments, the registration module500 may communicate with one or more third party providers to obtain thecredit score for the user. For example, in one embodiment, theregistration module 500 communicates with Equifax (e.g., Equifax'ssystem) over a secured communication channel to obtain the user's creditscore. Once the registration module 500 receives the score, the module500 stores the score along with the other information collected for theuser. Finally, upon successful completion of the registration process,the registration module 500 transmits the unique user identifier andpassword (if applicable) to the website, shown as Step 529A. The creditscore may be used to set or recommend user limits on the website.

Thus, an advantage experienced in various embodiments of the inventionas a result of registering with the OSP is that the OSP may provide abranded website directly to the user, whereby the user may use theregistration (e.g., the unique user identifier) on a plurality ofwebsites associated with the OSP to facilitate engagement in activitieson the websites. For instance, the OSP may require participatingwebsites to go through a signup process and may provide an identifier(e.g., branding mark/logo) to place on operators' websites to indicateto users that they may use their OSP registration on the operators'websites. Therefore, a user visiting a particular operator's websiteassociated with the OSP that provides restricted transaction activitiessuch as alcohol purchases may use his unique user identifier andpassword on the website to “log in” and be validated to engage in suchpurchases on the website with a simple validation process and withouthaving to go through a registration process for the particular website.

Further, in various embodiments, use of the unique user identifier mayidentify and link information obtained from a plurality websites for theuser. As a result, the information associated with multiple websites maybe shared among the websites in various embodiments. In addition, a userhaving a unique user identifier employed across multiple websites allowsdata to be collated and results in a reflection of the user's completebehavior across the multiple websites. Further, such capabilities mayprovide better efficiencies and may reduce needed computing capacitiesin these various embodiments because each individual website may not berequired to conduct a registration process for a particular user todetermine whether the user may engage in transaction activities witheach individual website. Instead, each individual website may rely onthe registration completed by the user with the OSP and a simplevalidation process.

Thus, in particular embodiments, the validation of the unique useridentifier and user password may be used by the website as “proof” thatthe user has successfully gone through the registration process with theOSP. For instance, as explained in greater detail below, a website mayredirect the user to the OSP to validate the unique user identifier andpassword and thereby to verify what transaction activities the user maybe “approved” to engage in on the website. As a non-limiting example,the user may wish to engage in a restricted transaction activity on thewebsite such as viewing adult material. In these and still otherembodiments, the OSP responds back to the website's redirection of theuser for validation of the user's unique identifier and passwordindicating that the user may be “approved” to view such material. As aresult, the user is not required to go through the registration processwith the specific operator and/or website in order to engage intransaction activities on the website. The OSP will provide a sessioncertificate, which can be incorporated into a credit card transactiondata field to signify that the user complied with any restricted sale'slegal obligations.

Of course, wherever referenced previously and/or subsequently herein, itshould be understood that the particular flow diagram shown in FIG. 5Arepresents one embodiment of the many various embodiments ofregistration module 500 and it is contemplated that the sequence ofsteps shown in the diagram may be ordered differently in otherembodiments and/or where such may be desirable for particularapplications. As a non-limiting example and as previously describedherein, the registration module 500 may be configured in particularembodiments to issue the unique user identifier earlier in theregistration process so that the gathered information and/or results forchecks can be stored and associated with the identifier as the module500 obtains the information and/or performs the checks.

Still further, it should be understood that in various embodiments, theregistration module 500 may not be required to perform all of the stepsin the registration process in light of the types of transactionactivities the OSP may be registering the user to engage in with regardto certain websites. For instance, as a non-limiting example, a user mayinitially register with the OSP to engage only in unrestrictedtransaction activities such as making purchases on various clothingwebsites. Therefore, such an instance, the registration module 500 maynot be required to verify the age of the user because the purchasing ofclothing is not typically restricted based on age. In addition, invarious embodiments, a user may register with a website through the OSPto conduct certain types of transaction activities that may beapplicable to other types of transaction activities. For instance, theuser may initially register with a website contracted with the OSP sothat the user may engage in gambling activities. The user may later wishto register directly with the OSP so that he may engage in adult-themedactivities. In this particular instance, the registration module 500 mayreceive the request to register the user for adult-themed activities andthe registration module 500 may identify that the user has previouslybeen registered to engage in gambling activities.

Therefore, it should be understood that according to various embodimentsof the registration module 500, such may be configured to determine thatthe registration process for both types of transaction activities is thesame and may apply the successful registration for engaging in gamblingactivities to the registration of adult-themed activities. Indeed, incertain embodiments and as previously described herein (e.g., forgambling activities) the OSP will be operating in white label mode onbehalf of the gambling website, while in other embodiments (e.g., foradult themed activities) the user will be registering with the OSP'sbranded site and the OSP will therefore provide the user, uponsuccessful registration, with his unique user identifier and password.Hence, in any of these and still other embodiments, the user can thenuse the unique user identifier and password at any participatingmerchant going forward, supplying a heightened degree of efficiency andeffectiveness across the system, as has been described previouslyherein.

Registration Module for Registration on an Operator's Website

In various embodiments, as has been at least briefly describedpreviously herein, an operator and/or website may require a user to openan account with the particular operator and/or website in order for theuser to engage in transaction activities on a particular website. Forinstance, one or more gambling websites may require users to haveaccounts associated with each particular gambling website to helpfacilitate gambling activities conducted on these websites. For example,such accounts may help to facilitate users depositing funds with thegambling websites to be used in placing bets on these websites. Underthis type of registration, a user will typically select the website'sregistration option first and then be redirected to the registrationwebpage for the OSP. Of course, in still other embodiments, the user mayalso visit the OSP's directly to register with a particular operatorand/or website, as may be desirable or more beneficial for particularapplications.

Accordingly, FIG. 5B illustrates a flow diagram of the registrationmodule 500 according to various embodiments for this type ofregistration. Similar to above, this flow diagram may correspond to thesteps carried out by the processor 405 in the OSP server 400 shown inFIG. 4 as it executes the module 500 in the server's RAM memory 467according to various embodiments.

According to various embodiments, the user visits a website hosted by awebsite associated with the OSP and selects an option on the website toregister on the website. In response, the website directs the user to aregistration webpage. In particular instances, the webpage may requestthe user to enter a username and password. Thus, the user types in ausername and password and the website checks to ensure the username isunique. That is, the website checks to ensure that another user has notalready used the username to register with the website. Once the websitehas verified the username is unique, the website (e.g., website platform303) redirects the user to the OSP's system 304 and provides theusername of the user.

In particular embodiments, the OSP's system 304 may generate aconnection token for the particular user and may send the connectiontoken back to the website's system 302. If the user is returned back tothe OSP's system 304 (e.g., the registration webpage) during theregistration process, the website's system 302 provides the connectiontoken. The OSP's system 304 then verifies the connection token is valid.If the connection token is valid, the registration process is allowed tocontinue. On the other hand, if the connection token is invalid, theregistration process is not allowed to continue and the user is directedback to the website. In these particular embodiments, such a tokenprovides a mechanism to prevent connection hijacking of a user duringtransfer of the user between the website and the OSP's system 304. Sucha token may also be issued during the validation process (describedbelow) and returned back to the OSP's system 304 during an interactivesession with the website to prevent session hijacking of a user.

Returning to the registration process according to various embodiments,the OSP's system 304 invokes the registration module 500. In theparticular embodiments in which the user has been required to provide ausername that has been forwarded to the OSP's system 304, the system 304provides the module 500 with the username. Further, in particularembodiments, the OSP's system 304 retrieves (or the website platform 303provides) one or more device fingerprints for the computing device 301the user is using to interact with the website. Therefore, theregistration process begins in at least these and still furtherembodiments with the registration module 500 capturing the devicefingerprint, shown as Step 502B. Similar to the previous registrationprocess described, in particular embodiments, the registration module500 invokes a location check in response to receiving the user's devicefingerprint (e.g., device's IP address) to identify the user's location,shown as Step 503B. In certain embodiments, the location check maycomprise one or more of the non-limiting examples of a geo-IP checksystem, a registration correlation system, a mobile locator system, awireless locator system, a latency analysis system, and/or any of avariety of combinations of one or more of such systems.

In Step 504B, the registration module 500 performs a look-up against ajurisdiction database 309 to identify whether the user is located in ajurisdiction (e.g., based on the location returned from the Geo-IPcheck) that permits the user to register with the website. As previouslymentioned, in various embodiments, the legality of registering on aparticular website may be dependent on the types of transactionactivities that may be conducted on the website. Thus, in particularembodiments, the lookup performed by the registration module 500 returnsa result stipulating whether the user is allowed to proceed with theregistration process. Therefore, in Step 505B, the registration module500 evaluates the result of the lookup to determine if the user islocated in a jurisdiction that permits the user to engage in thetransaction activities involved with the website. For example, if theregistration module 500 determines that the user is not in ajurisdiction that permits the user to engage in the particulartransaction activities (Step 506B), the module communicates such to thewebsite. In turn, the website informs the user that he is not permittedto register (and engage in the transaction activities) with the website.

Instead, however, if the registration module 500 determines the user islocated in a jurisdiction that permits the user to engage in at leastone type of transaction activity involved with the website, theregistration module 500 captures additional registration details fromthe user, shown as Step 507B. In particular embodiments, the user mayenter the details on the initial registration webpage or may be directedto a different webpage that provides fields requesting the additionalregistration details. As discussed with respect to the previousregistration process described above, the additional registrationdetails may include a variety of different information according tovarious embodiments.

Remaining with FIG. 5B, in Step 508B according to various embodiments,the registration module 500 validates one or more parts of theadditional registration details according to various embodiments. Forinstance, in certain embodiments, the registration module 500 may queryone or more external data sources (such as the department of motorvehicles for the state in which the user resides) to verify the user hasentered his correct date-of-birth on the registration screen. If theregistration module 500 determines the user's age is not over therequired age for the user's jurisdiction and/or set by the website, theregistration module 500 may end the registration process and may informthe website of the determination. In turn, the website may inform theuser that he is too young to register.

Continuing with the registration process, in Step 509B, the registrationmodule 500 performs one or more fraud checks to attempt to preventorganized fraud from occurring on the website. Therefore, although it iscontemplated that the website may institute its own fraud checks on itswebsite to prevent fraudulent activity occurring, as previouslyexplained, in various embodiments the OSP may include additional fraudchecks on its system 304 to attempt to prevent its system 304 from being“flooded” with fraudulent attempts that may affect the performance ofthe system 304.

Once the user has entered the additional registration details and thedetails have been verified and the fraud checks have been performed, theregistration module 500 stores the registration information in storagemedia located either within or outside of the OSP's system 304, shown asStep MOB. At this point, in particular embodiments, the registrationmodule 500 queries the information stored for existing users alreadyregistered with the OSP to determine whether the user already has anexisting account, shown as Step 511B. For instance, in one embodiment,the registration module 500 searches the information stored for existingusers based on a combination of one or more of email address, full name,home address, telephone number, and/or date-of-birth entered by theuser.

If the registration module 500 determines the user's registrationinformation matches information for an existing user (e.g., determinesan account already exists for the user) and is of recent set up, theregistration module 500 ends the registration process and informswebsite, shown as Step 512B, of the user's successful registration. Ifthe previous user registration was with the same website, the websitewill be advised accordingly and the website may facilitate providing theuser with a reminder displayed on the website to the user to help theuser remember the username and/or password previously used to registerwith the website. In contrast, if according to various embodiments theregistration module 500 determines the user does not have an existingaccount, the registration module 500 performs a KYC check to verify theidentity of the user, shown as Step 513B. In various embodiments, thischeck is carried out in similar fashion as detailed with respect to theprevious registration process described above.

In various instances in which the third party is unable to match theuser's initial registration information with information from the one ormore data sources, the third party provider may, according to variousembodiments, request additional information from the user to use inobtaining a match for the user with the one or more data sources. Thus,the third party provider may send an indicator to the registrationmodule 500 that the user's details were not matched, along with arequest for additional information in Step 514 B and Step 515B. As aresult, the third party provider can use the additional information toincrease the probability of matching the user's details with informationfound in the one or more data sources. If the registration module 500determines, in these and/or still other embodiments, that the thirdparty provider is able to match the user's details with informationfound in the one or more data sources, the registration module 500facilitates asking one or more KBA questions that typically only theuser could correctly answer formulated to verify the user's identity,shown as Step 516B. Still further, in particular embodiments, theregistration module 500 stores the results of the KYC and KBA checks,shown as Step 517B.

Therefore, in Step 518B, the registration module 500 determines whetherthe user has passed the KYC check, e.g., provided accurate registrationinformation and correct answers to the questions. If the registrationmodule 500 determines the user's identity has not been verified (e.g.,the KYC check failed), the registration module 500 ends the registrationprocess, shown as Step 519B. Thus, in particular embodiments, theregistration module 500 may send an indication to the website that theuser's identity could not be authenticated and the website may informthe user of the same. In other embodiments, the registration module 500may be configured to perform “fuzzy” type matching with respect to oneor more of the attributes of the registration information and/or storedinformation for various subscribers already registered. In particularembodiments, the registration module 500 may use a confidence factor todetermine whether a match is found. Of course, it should be understoodthat any of a variety of factors and/or logic analysis may be performedand/or incorporated within the registration module 500, as may bedesirable for particular applications, without departing the nature andscope of the invention, as described herein.

If, in accordance with various embodiments, the registration module 500identifies one or more accounts that have information that matchesand/or is similar to the information received from the user, the module500 links the user's information (e.g., new account) with the existingaccounts, shown as Step 521B. In certain embodiments, this may beaccomplished via a unique user identifier that has been issued by theOSP to the one or more websites or to the particular user, depending onthe type of registration. Further, in particular embodiments, this stepmay also identify an account the user has already opened with theparticular website (similar to the check performed in Step 511B). Thismay be the case because in at least these particular embodiments, thischeck may involve comparing more information than what was reviewed inthe initial check performed in Step 511B. Further, in particularembodiments, if the module 500 determines the user has alreadyregistered with the OSP and/or any of the, the module 500 may skip latersteps in the process such as checking the minimum age of the user,capturing the user's credit card details, and/or checking the user'scredit score.

In Step 522B, the registration module 500 performs a lookup in theself-exclusion database 308 based on one or more pieces of informationobtained during the registration process to determine whether the userhas previously requested to be excluded from being able to engage intransaction activities on the website. (The self-exclusion checkaccording to various embodiments is explained further in FIG. 7 below.)In Step 523B, if the registration module 500 determines from the lookupthat the user has requested to be excluded from engaging in transactionactivities on the website, the registration module 500 ends theregistration process and informs the website that the user has requestedto be excluded, shown as Step 524B. In turn, the website may report thisto the user.

However, if the registration module 500 determines that the user has notrequested to be excluded, the registration module 500 performs a lookupin the jurisdiction database 309 to determine whether the user's“verified” age (as a result of the KYC check) is over the minimum agerequirement for the particular jurisdiction the user is located in,shown as Step 525B. Thus, in various embodiments, having identified theuser's jurisdiction from the Geo-IP check (Step 503B) as well as theuser's age from the KYC check (see Step 513B), the registration module500 performs a check to ascertain whether the user is of sufficient ageto register for the jurisdiction where he is located. Depending on legalparameters, the jurisdiction check could alternatively be conductedbased on his residency address. Further, as previously mentioned, thejurisdiction database 309 may be configured so that, as a secondarycheck requirement, individual websites can specify the minimum agerequired to engage in transaction activities with the website (e.g., anage limit higher than that set by the jurisdiction). In addition, inparticular embodiments, individual websites may specific in thejurisdiction database to exclude users from engaging in transactionactivities altogether with the websites regardless of age.

In Step 526B, if the registration module 500 determines the user's ageis not above the required minimum(s), the registration module 500 endsthe registration process and notifies the website, shown as Step 527B.If the registration module 500 determines the user's age is above therequired minimum(s) for the jurisdiction and website, in particularembodiments, the registration module 500 may save an age verificationidentifier along with the user's registration information. Thisidentifier may be referenced and/or provided to other websites (e.g.,during the registration process of the user on the other websites) toverify that the user's age has been determined and confirmed.

As previously described, in particular embodiments, the OSP'sregistration module 500 may request the user to register a credit cardwith the particular website. Therefore, in Step 528B according tocertain embodiments, the registration module 500 captures credit carddetails from the user and performs a specific authorization request fora predetermined monetary value (e.g., $1) to confirm the card is notfraudulent. Of course, in still other embodiments, if for some reasonthe user does not have a valid credit card to register, the registrationmodule 500 may refer the user to a credit card issuer, shown as Step529B. In such embodiments, the website may have an arrangement for theissuer to provide a co-branded credit card to the user. In any of theseand still other embodiments, once the user has signed up for the cardand has obtained the card, the user may be redirected back to theregistration process and associated webpages for entering theinformation for the credit card at Step 528B. Still further, inparticular embodiments and as previously described herein, theregistration module 500 may acquire a credit score for the user, shownas Step 530B.

As previously mentioned, at Step 520B, the registration module 500determines whether any other accounts exist for the particular user withregard to the other participating websites. As further mentioned, if theregistration module 500 finds such account(s), the registration module500 links the account being created for the particular website with theother existing accounts for the user in Step 521B. These accounts arelinked in the OSP's system 304 via the unique user identifier for theparticular user.

However, if in any of these and still other embodiments the registrationmodule 500 does not locate any existing accounts for the particular userin Step 520B, then a unique user identifier is not identified for theuser. In such embodiments, the registration module 500 issues a uniqueuser identifier for the user, shown as Step 531B. In variousembodiments, the registration module 500 may wait to perform this stepuntil the entire registration process has successfully completed and themodule 500 has not encountered a failure within the process. However, inother embodiments, the registration module 500 may perform this stepearlier in the registration process so that any information obtainedand/or failures/successes of various checks may be stored along with theunique identifier at the time the information and/or results for thechecks are obtained by the registration module 500 so that suchinformation/failures/successes may be referenced at a later time, suchas at another time in which the user may be attempting to register withthe same or another website. Of course, it should be noted that theregistration module 500 may be configured in various embodiments toassociate the information/failures/successes with the unique useridentifier at a later time in the process such as at the successfulcompletion of registration.

Thus, an advantage experienced in various embodiments of the inventionis that the unique user identifier may be used to identify and linkinformation obtained from a plurality of websites for the user,including subsequent transaction history. As a result, the informationassociated with the multiple websites may be shared on a sanitized basisamong the—websites in various embodiments and used for analysis. Suchcapabilities may provide better efficiencies and may reduce neededcomputing capacities in these various embodiments because eachindividual website may not be required to conduct all of theregistration process steps for a particular user. This is because one ormore steps may have been performed in a previous registration processfor the user and the result of the one or more steps may be “shared” andused in the current registration process.

As a non-limiting example according to various embodiments, during aprevious registration process for the user, the registration module 500may have verified the user's age. Therefore, in a current registrationprocess for the same user, the registration module 500 may use theresult obtained in the previous registration (e.g., the verified age)and may not need to execute the step in the current registration processto verify the user's age. Thus, the registration module 500 will notneed to “waste” the time, resources, and computing capacity to re-verifythe user's age

Finally, in Step 532B, the registration module 500 redirects the userback to the website and transmits the user's details to the website(e.g., website's system 302). In particular embodiments, thistransmission also indicates to the website that the user hassuccessfully registered with the website. The details transmitted to thewebsite may include such information as the user's unique useridentifier, name, gender, residential address, email address, phone, andthe user's credit score. It should be noted that the user may beredirected back to the website earlier in the registration processaccording to various embodiments. In these particular embodiments, thewebsite may display a message to the user indicating whetherregistration was successful or not.

In addition, in particular embodiments, the details transmitted to thewebsite may include a certificate (e.g., digital certificate) indicatingthe user has been successfully registered and a session identifier tovalidate the user for allowed transactions. This certificate and sessionidentifier may be used by the website as “proof” that the user hassuccessfully gone through the registration and validation processes withthe OSP. For instance, the website may submit the certificate along witha purchase transaction (e.g., submit the certificate along with anauthorization request to an issuing bank on a credit card transaction)to demonstrate the user's identity and/or age has been successfullyverified. Further, in particular embodiments, the certificate may alsobe generated by the OSP following the user being validated through adifferent website to show that the user has successfully gone throughthe registration and validation process with the OSP. In theseparticular embodiments, the user may then repeat the validation processwith a subsequent website, who will redirect the user to the OSP toprompt for his unique user identifier and password. In response, the OSPmay by-pass some of the registration process and simply validate theuser and issue a new certificate to the subsequent website.

It should be understood, of course, that in certain embodiments, thesession identifier may comprise within the identifier the certificate,which in turn operates as proof the user was validated for conducting apurchase transaction activity. In still other embodiments, the sessionidentifier may actual operate as the proof that the user was validatedfor conducting the purchase transaction activity, without the need for aseparate embedded and/or stand-alone certificate, as may be desirablefor particular applications. In any of these and still otherembodiments, as described elsewhere herein, the OSP may be configured tosend the session identifier and/or certificate to the first website forincorporation within purchase transaction data for the purchasetransaction activity. In at least one embodiment, the session identifierand/or certificate may comprise at least an indication that the usersatisfied an age requirement for conducting the purchase transactionactivity.

Similar to the registration process described above, it should beunderstood that the particular flow diagram shown in FIG. 5B representsone embodiment of the registration module 500 and it is contemplatedthat the sequence of steps shown in the diagram may be ordereddifferently in other embodiments. For instance, in particularembodiments, the registration module 500 may not capture the user'susername. In these particular embodiments, once the user has beenre-directed back to the website, the website then requests the user toenter a username and password. The OSP then relies solely upon theunique user identifier when communicating with the website concerningthis customer.

Further, in particular embodiments, the registration module 500 may beconfigured to process a number of users' registrations with a particularwebsite by accepting one or more files from the website that includeinformation for a plurality of users (e.g., the registration module 500may be configured to perform batch processing of users). Thus, in theseparticular embodiments, the registration module 500 then executes theregistration process for each user listed in the one or more files.However, some of the steps of the registration process may be performeddifferently than if the registration process 500 were processing a userin real-time. For instance, each user's information (including theuser's registration details) is obtained from the one or more files andnot directly from the user. Thus, in these particular embodiments, theregistration module 500 must be able to perform the KYC check withouthaving to request any additional information from the user at the timethe module 500 performs the check. Once the registration module 500 hasprocessed each user listed in the one or more files, the registrationmodule 500 issues a unique user identifier for each user successfullyregistered (and in some embodiments also for each user unsuccessfullyregistered) and writes to a summary file information on each user as towhether registration was successful or unsuccessful to be sent to thewebsite.

Finally, it should be understood that in particular embodiments, theregistration module 500 may not be required to perform all of the stepsin the registration process in light of the types of transactionactivities being performed on the website and/or in light of thewebsite's requirements. For instance, if the website is a merchantwebsite for selling chocolate, the registration module 500 may not berequired to verify the age of the user because the purchasing ofchocolate is not typically restricted based on age. In addition, invarious embodiments, the registration of a user on a particular websiteconducting certain types of transaction activities may be applicable tothe registration of the user on another website conducting differenttypes of transaction activities. For instance, the user may initiallyregister with a gambling website though the OSP (and the registrationmodule 500). The user may later visit an adult website and wish toregister with the adult website. In this case, the registration module500 may receive the request to register the user on the adult websiteand the registration module 500 may identify that the user haspreviously been registered with the gambling website successfully. Inthese particular instances, the registration module 500 may beconfigured to determine that the registration process for both websitesis the same and may apply the successful registration on the gamblingwebsite to the registration on the adult website. As a result, invarious embodiments, the registration of a user may be applicable acrossmultiple industries.

Validation Module

In various embodiments, the OSP server 400 may also include a validationmodule 600 that is configured to validate what transaction activitiesusers may engage in when logging in to a website associated with the OSP(e.g., validate sessions with the various websites associated with theOSP). This module 600 is invoked when a user logs in to a particularwebsite for a separate session to the successfully registration. If thewebsite is configured to allow a user to proceed in the originalregistration session to undertake transactions, further validation isnot necessary. In this instance, the handover of the user to the websiteon successful registration will include a session identifier to permitallowed transactions within the same session. FIG. 6 illustrates a flowdiagram of the validation module 600 according to various embodiments.This flow diagram may correspond to the steps carried out by theprocessor 405 in the OSP server 400 shown in FIG. 4 as it executes themodule 600 in the server's RAM memory 467 according to variousembodiments.

In various embodiments, the validation process is integrated in themiddle of a website's login process. Therefore, in these particularembodiments, a part of the login process on a website is the validationof the user's details within the OSP's system 304. The OSP's system 304will use the details to check to ensure the user is allowed to logininto the particular website and engage in transaction activities on thewebsite.

As previously mentioned, in various embodiments, the website may providesome indication on its website that it is associated with the OSP. Forinstance, the website may display the OSP's logo to indicate to usersthat they may use their branded OSP registrations (e.g., their uniqueuser identifiers and/or passwords) on its website. While in otherembodiments, the website may require users to use its brandedregistrations to be able to log in to its website. Therefore, thevalidation process begins with the user visiting the website and eitherentering his username and password for access to the website or with theuser responding to the OSP branded prompt that he is an OSP registereduser.

In the first instance according to various embodiments, the websitevalidates the username and password and links the user to the uniqueusers' identifier and then redirects the user to a validation webpagewithin the OSP's system 304. In the second instance according to variousembodiments, the website redirects the user with a request for an OSPregistered user validation. The OSP system then prompts for the user toenter his unique user identifier and password for validation. Inresponse, the OSP's system 304 invokes the validation module 600 andprovides the module 600 with the login information.

Depending on the embodiment, the website may retrieve the user's uniqueuser identifier assigned during the registration period and may submitthe unique user identifier to the OSP's system 304. In otherembodiments, the website may simply submit the user's username (and insome cases, an identifier for the website) and the OSP's system 304retrieves the unique user identifier from either local or externalstorage. Further, in various embodiments, the OSP's system 304 may alsoobtain one or more device fingerprints from the device the user is usingto communicate with the website, such as the device's IP address and/orMAC address. Similar to the unique user identifier, the website maysubmit the one or more device fingerprints to the OSP's system 304 orthe OSP's system 304 may retrieve the fingerprints directly from theuser's device. As a result, in Step 602, the validation module 600residing in the OSP's system 304 receives the unique user identifier andthe one or more device fingerprints.

In Step 603, the validation module 600 performs a lookup of the user'sdetails. In various embodiments, this entails the validation module 600querying one or more data storage devices based on the unique useridentifier to retrieve information stored on the user in such storage.For instance, the information on the user may include the informationgathered from the user and from checks performed during one or moreregistration and/or validation processes for the user.

As shown in FIG. 6, the validation module 600 in various embodiments maybe configured to perform various steps of the validation process atsubstantially the same time. For instance, the flow diagram shown inFIG. 6 presents the module 600 performing the self-exclusion check, thejurisdiction check, the OFAC check and the PEP check at virtually thesame time. Describing first the self-exclusion check, in Step 604, thevalidation module 600 performs a lookup on the self-exclusion database308 to determine whether the user has imposed one or morelimits/restrictions and/or has voluntarily excluded himself from beingable to engage in one or more types of transaction activities. Incertain embodiments, the lookup may seek to identify a match against aunique user identifier provided by the user, while in other embodiments,the lookup may seek to identify and match the user based upon at least aportion of user-provided and/or previously stored registration data. Inany event, as previously described, such a mechanism may be helpful incontrolling compulsive behavior by limiting the types and/or amount oftransaction activities a user may engage in and/or by all-togetherrestricting the user from engaging in certain types of transactionactivities. Therefore, in Step 605, the validation module 600 determineswhether the user has imposed such a restriction on themselves withrespect to the types of transaction activities performed on the website.This check is conducted by the OSP rather than the website toaccommodate self-exclusions that apply nationally, at State level oracross multiple websites.

If the validation module 600 determines the user has self-excluded frombeing able to engage in all the types of transaction activitiesconducted on the website, the validation module 600 fails to validatethe user's session with the website, shown as Step 606. Thus, inparticular embodiments, at the end of this check the validation module600 has identified any limitations, restrictions, and/or exclusions withrespect to the types of transactions conducted on the website. Further,the validation module 600 may also store and/or post to one or moredatabases the result of the check, in Step 607, so that it may be laterreferenced during the session identifier issue/validation step asdescribed below. Of course, it should be further understood that, inaddition to self-exclusion criteria, the validation module 600 may,according to various embodiments, be configured to apply user exclusionsbased upon one or more externally-imposed exclusions, including thenon-limiting examples of age, jurisdiction, criminal record, or thelike, as will be described in further detail elsewhere herein. Thatbeing said, any of such exclusions, upon identification, may be stored,posted, and/or updated by the module 600, however as may be desirablefor particular applications.

In Step 608, the validation module 600 performs a location check, whichmay be facilitated by one or more of the non-limiting examples of ageo-IP check system, a registration correlation system, a mobile locatorsystem, a wireless locator system, a latency analysis system, and any ofa variety of combinations of one or more of such systems. Similar to theregistration module 500, in various embodiments, the validation module600 may, in at least certain embodiments, call a third party provider toassist in this check. Therefore, in these particular embodiments, thevalidation module 600 provides one or more device fingerprints (e.g.,the user's device's IP address) to the third party provider and theprovider returns the location of the user's device based on the one ormore fingerprints to the validation module 600. Thus, in Step 609, thevalidation module 600 performs a look-up against a jurisdiction database309 to identify the types of transaction activities the user may engagein while in the jurisdiction (e.g., the location returned from thelocation check). Therefore, in Step 610, the validation module 600evaluates the result. If the validation module 600 determines the useris not in a jurisdiction that permits the user to engage in any of thetypes of transaction activities conducted on the website, the validationmodule 600 fails to validate the session with the website, shown as Step611.

Instead, however, if the validation module 600 determines the user islocated in a jurisdiction that permits the user to engage in at leastone of the types of transaction activities conducted on the website, thevalidation module 600 performs a check on the user's age, shown as Step612. Similar to the registration module 500, the validation module 600performs a lookup in the jurisdiction database 309 to determine whetherthe user's age is over the minimum age requirement for the types oftransaction activities conducted on the website for the particularjurisdiction the user is located in (identified in Step 609) or abovethe in-house age limit set by the website. In Step 613, if thevalidation module 600 determines the user's age is not above therequired minimum, the validation module 600 fails to validate thesession with the website. In various embodiments, the validation module600 may also store the results of the checks and lookups, in Step 614,so that they may be later referenced during the session identifierissue/validation step as described below.

Of course, it should be understood that for various applications,regulatory guidelines exist that require determination of location withvarying degrees of certainty. Although each generally require at least areasonable degree of assurance of location accuracy, upon return of alocation check, as previously described herein, varying requirementsexist. As a non-limiting example, in the gambling context, locationdetermination may be necessary to a resolution of 500 feet or less,which may require a combination of location checks, including one ormore wireless locator systems that incorporate some degree oftriangulation upon a device being used by the user. Of course, any of avariety of systems may be incorporated to determine location with adesirable degree of accuracy and reasonable assurance, as may be desiredfor particular applications, without departing the scope and intent ofthe present invention.

Further, in particular embodiments dealing with websites, who have userswho are US citizens, or websites in the United States, in Step 615, thevalidation module 600 performs a lookup in one or more third parties'databases holding information on individuals identified by the Office ofForeign Assets Control (OFAC) as having economic sanctions enforced onthem. The OFAC compiles a list of entities (e.g., companies andindividuals) for which sanctions have been imposed preventing theseentities from engaging in trade or financial transactions and otherdealings in the United States. Therefore, the validation module 600performs the lookup to determine whether the user has been identified bythe OFAC on this list. Similar to other third party databases previouslydescribed, in various embodiments, the one or more databases may belocally hosted by the OSP's system 304 and the system 304 receivesperiodic updates for the one or more databases. Therefore, in Step 616,the validation module 600 determines whether the user is listed in oneor more of the databases (e.g., the validation module 600 queries theone or more databases using the user's full name). If the validationmodule 600 determines the user is listed, the module 600 fails tovalidate the session with the website, shown as Step 617. In variousembodiments, similar lists may exist with respect to other countriesthat the validation module 600 may be configured to check.

Similar to the OFAC lookup, in particular embodiments, the validationmodule 600 also performs a lookup in one or more third parties'databases holding information on individuals identified as politicalexposed persons (PEP) who are government officials and/or high profilepeople, shown as Step 618. Similar to other third party databasespreviously described, in various embodiments, the one or more databasesmay be locally hosted by the OSP's system 304 and the system 304receives periodic updates for the one or more databases. In Step 619,the validation module 600 determines whether the user is listed in oneor more of the PEP databases (e.g., the validation module 600 queriesthe one or more databases using the user's full name). In variousembodiments, if the validation module 600 determines the user is listed,such information may be communicated to the website and the website maymonitor the user appropriately. Thus, in Step 620, the validation module600 may according to various embodiments store the results of the OFAClookup and the PEP lookup so that the results may be referenced duringthe session identifier issue/validation step as described below.

Once the validation module 600 has performed all of the checks andlookups, the validation module 600 reviews the results for thevalidation checks to confirm whether the user has “passed” the checks,shown as Step 621. In various embodiments, this may involve thevalidation module 600 retrieving the stored results for all of thechecks. Therefore, in Step 622, if the validation module 600 determinesthe user has failed one or more of the checks, the validation module 600may end the validation process, shown as Step 623. This may entail thevalidation module 600 notifying the website that the user could not bevalidated along with the reason why the user has failed the validationprocess. In certain embodiments, the validation module 600 may befurther configured to notify one or more exclusion databases of theusers' inability to engage in certain transaction activities based uponfailure of the validation process. In turn, at least the website may,according to these and still other embodiments, notify the user that heis excluded from engaging in transaction activities on the website. As aresult, the user will be unable to complete logging into the website andengaging in transaction activities on the website.

However, in Step 622 according to various embodiments, if the validationmodule 600 determines the user has passed the checks, the validationmodule 600 issues a session identifier for the user, shown as Step 624.The validation module 600 then redirects the user back to the websiteand transmits the session identifier to the operator (e.g., operator'ssystem 302 and/or website). In particular embodiments, this transmissionmay also include information along with the identifier, such as, forexample, information on the various transaction activities the user mayengage in while involved in the interactive session with the website.For instance, the information may indicate the types of transactionactivities the user may engage in along with the times in which the useris allowed to engage such transaction activities in the user'sjurisdiction/location and any limitations, restrictions, and/orexclusions with respect to such transaction activities. In thealternative, the information may indicate the types of transactionactivities the user is forbidden to engage in along with anylimitations, restrictions, and/or exclusions with respect to suchforbidden transaction activities. This information is automaticallyframed by the website's merchant category code, assigned when itregistered with the OSP. As a result, the user is able to completelogging into the website and is able to engage in transaction activitieson the website.

In various embodiments, a new session identifier is issued for eachsession the user logs into a participating website. Similar to theunique user identifier, the session identifier may be any one of anumber of different types of identifiers according to variousembodiments. For instance, in one embodiment, the session identifier isrepresented as an alphanumeric value. The session identifier identifiesthe user (e.g., user's unique identifier), the website, the particularinteractive session, and, in many instances, the types of transactionactivities the user may engage in during the interactive session (or, inthe alternative, the types of transaction activities the user may notengage in during the interactive session). Therefore, in variousembodiments, the user must go through the entire validation process andbe issued a new session identifier each time the user engages in a newinteractive session with the website (e.g., each time the user logs intothe website).

Thus, in particular embodiments, the session identifier identifies oneor more transaction activities the user is “authorized” to engage in onthe website during the interactive session. For instance, theseactivities may include buying, selling, and/or trading goods, viewingand/or listening to media, viewing restricted material, depositing fundswith the website, placing a wager (e.g., participating in a gamblingactivity), and/or withdrawing funds from website. In many instances, theOSP's system 304 is not involved directly with the user engaging in suchtransaction activities on the website. In these particular instances,the OSP's system simply provides the list of “authorized” transactionactivities and the website references the list during the user'sinteractive session on the website. In addition, in these particularinstances, the website may record information on the transactionactivities conducted by the user during the interactive session on thewebsite.

In addition, according to various embodiments the OSP's system mayprovide a certificate along with the session identifier and the list of“authorized” transaction activities to the website confirming validationhas been performed for the user's particular interactive session. Incertain embodiments, the session identifier may serve as thecertificate, while in other embodiments the certificate may be appendedto or otherwise embedded within the session identifier, however, may bedesirable for particular applications. It should be understood that forany of these and still other embodiments, the website or the OSP mayprovide the certificate along with a purchase transaction as proof toparties within the value chain that the user was validated. In certainembodiments, as will be described in further detail later, thecertificate may provide compelling evidence of validation, as may bedesirable for particular applications.

However, in other embodiments, the OSP's system 304 may record theactivities conducted by the user during the interactive session with thewebsite along with the session identifier (and, in some cases,information related to the activities). As with other information storedby the OSP's system 304, the system may store the activities and relatedinformation in storage media that is located within or outside of theOSP's system 304. Therefore, in these particular embodiments, once auser has been validated and issued a session identifier and the user hasrequested to engage in a particular transaction activity (e.g., making apurchase) on the website, the website completes the activity for theuser and also forwards the information on the activity and correspondinginformation to the OSP's system 304 along with the session identifier sothat the OSP's system 304 can record the transaction activity andcorresponding information along with the session identifier.

It should be understood that in various embodiments the sessionidentifier is always linked to the user's unique user identifier.Therefore, according to certain embodiments, a user's sessions conductedwith the various participating websites (along with the associatedactivities, in at least a particular embodiment) can be retrieved fromthe OSP's system 304 by simply querying the appropriate storage usingthe user's unique identifier. As a result, a user's validation withrespect to the types of transaction activities approved across multiplewebsites may be reviewed and monitored.

Of course, the particular flow diagram shown in FIG. 6 represents oneexemplary embodiment of the validation module 600 and it is contemplatedthat the sequence of steps shown in the diagram may be ordereddifferently in other embodiments. For instance, the validation module600 may be configured in one particular embodiment to execute theself-exclusion check, the jurisdiction check, and the OFAC checksequentially instead of virtually at the same time. Further, in anotherembodiment, the validation module 600 may be configured to exit once themodule 600 has determined that the user has failed any one of thechecks. In this embodiment, the module 600 then notifies the operatorand/or the website that the user was not validated and gives the reasonfor failing to validate the user. Finally, the validation module 600 maybe configured in various embodiments to issue a session identifierinitially after receiving the request to validate the user and beforeconducting the various checks. In these particular embodiments, thevalidation module 600 records the results of the each check along withthe issued session identifier as each check is performed.

Further, in various embodiments, the validation module 600 may or maynot perform various steps of the validation process based on factorssuch as the website submitting the validation request and/or the typesof transaction activities performed on the particular website. Forexample, the validation module 600 may not perform the minimum age check612 in a case where the website is a website on which men's clothing issold. This is because the selling of men's clothing is typically not agerestricted.

Therefore, once the website has received the session identifier, thewebsite may use the identifier to validate whether the user can engagein one or more requested transaction activities during the interactivesession on the website and may use the identifier to record and identifythe activities the user requests and engages in during the interactivesession. For instance, as explained, in one embodiment the websitereceives information along with the session identifier that identifiesthe transaction activities the user may engage in during the interactivesession (and/or the transaction activities the user may not engage induring the interactive session). In this particular embodiment, once theuser has requested to engage in a particular activity on the website(such as, for example, making a purchase or placing a wager), thewebsite references the information received along with the identifier toverify that the user has been validated to engage in the particularactivity. In another embodiment, upon receiving a request from the userto engage in a particular activity, the website automatically sendsinformation identifying the requested activity and the sessionidentifier to the OSP's system 304. In this particular embodiment, theOSP's system 304 uses the session identifier and determines whether theuser has been validated to the conduct the particular activity on thewebsite. The OSP's system 304 then returns information on thedetermination to the website.

It should further be understood that although various embodiments havebeen described herein as being configured to provide the sessionidentifier to website with details of all the transaction types the useris allowed to conduct, together with any restrictions such as legal timewindows when such transactions can be conducted, in still otherembodiments, as may be desirable for particular applications, thesession identifier may be additionally and/or alternatively provided tothe user, at least initially. In this manner, the user, like the websitecould be enabled to facilitate subsequent approved transaction activitywithout further referral between the website and the OSP.

Additional Details on Various Checks

Additional details are provided below on the various checks theregistration module 500 and/or the validation module 600 performaccording to various embodiments.

Location Check

As previously mentioned, the location check is performed to identify thephysical location of one or more device fingerprints (e.g., the IPaddress) associated with the user's computing device 301. As furthermentioned, in various embodiments, this location check may utilizeand/or incorporate any one or more of a geo-IP check system, aregistration correlation system, a mobile locator system, a wirelesslocator system, a latency analysis system, and/or a comparableconfigurable and available system, as may be desirable for particularapplications. Where a geo-IP check system is involved, the locationcheck according to certain embodiments involves the registration module500 and/or the validation module 600 utilizing a third party provider toassist in performing the check. In particular embodiments, this entailsthe registration module 500 and/or validation module 600 referencing anelectronic geo-directory provided by the third party provider. Invarious embodiments, the directory comprises a database or some othertype of searchable application that manages and stores data. Further, inparticular embodiments, the OSP's system 304 hosts the geo-directory sothat lookups on the directory may be performed more quickly than if thegeo-directory was located remotely from the system 304.

Therefore, in various embodiments, the registration module 500 and/orvalidation module 600 checks the captured device fingerprints againstthe geo-directory. According to various embodiments, the geo-directorymay provide such information as the city, county, state, zip code,latitude, and/or longitude for U.S. locations and/or the city, country,state, providence, latitude, and/or longitude for non-U.S. locations. Inaddition, the geo-directory may provide a confidence value along withthe information that indicates a level of confidence that the providedinformation is correct for the queried device fingerprints. Inparticular embodiments, the registration module 500 and/or thevalidation module 600 may compare the confidence value against apredetermined threshold established by the OSP, the website to determinewhether the determined location is acceptable. If the confidence levelis not above the predetermined threshold, the registration module 500and/or validation module 600 may end the registration/validationprocess.

Further, in particular embodiments, the geo-directory may includeinformation that indicates whether the one or more of the devicefingerprints are considered “suspect” or not. For example, in someinstances, the user may be using an Internet service provider such asOnline America® or EarthLink®. Many times in these instances, the IPaddress, a device fingerprint captured for the user's device 301, isactually an IP address of a gateway associated with the Internet serviceprovider. Therefore, the physical location of the IP address is thelocation of the gateway and not the location of the user. A similarinstance in which this may also occur is when a user is accessing awebsite using a browser on the user's mobile device. In this instance,the IP address received from the user is that of a gateway associatedwith the user's wireless carrier. In these particular embodiments, thegeo-directory may have some type of indicator marking such IP addresses.As a result, the geo-directory is able to return information (e.g., theindicator) indicating the IP address is considered “suspect.”

According to various embodiments, in instances in which one or more ofthe device fingerprints are “suspect,” the registration module 500and/or validation module 600 may be configured to perform a mobile IPlocator check. First, the registration module 500 and/or validationmodule 600 retrieves the user's mobile phone number from the informationgathered from the user. If the module phone cannot be retrieved, theregistration module 500 and/or validation module 600 facilitates havingthe OSP, website request the user to enter his mobile number, which issent to the OSP's system 304. The registration module 500 and/orvalidation module 600 passes the user's mobile number to a third partyprovider which performs a mobile location check and sends back thejurisdiction result to the registration module 500 and/or validationmodule 600. One such third party provider is Spriv located in New York.If the user refuses to provide his mobile number then, in variousembodiments, the on line registration process and/or validation processis ended.

It should be further understood, as previously mentioned herein, thatthe location check may comprise one or more (or any combination of) thenon-limiting examples of a geo-IP check system, a registrationcorrelation system, a mobile locator system, a wireless locator system,and a latency analysis system. Due to various regulatory guidelines andregimes, the degree of certain to which a determination of location isrequired varies. Although generally at least a reasonable degree ofassurance of location accuracy is required, more stringent requirementsdo exist. As a non-limiting example, in the gambling context, locationdetermination may be necessary to a resolution of 500 feet or less,which may require a combination of location checks, including one ormore wireless locator systems that incorporate some degree oftriangulation upon a device being used by the user. Of course, any of avariety of systems may be incorporated to determine location with adesirable degree of accuracy and reasonable assurance, as may be desiredfor particular applications, without departing the scope and intent ofthe present invention.

Fraud Check

In various embodiments, the fraud check is performed to ensure users donot enter “garbage” data into the OSP's system 304. As alreadydescribed, the fraud check may involve checking certain information toidentify multiple registration attempts from a single source. Inaddition, in particular embodiments, once the user has entered andsubmitted valid registration details and the OSP's system 304 hascaptured these details, the registration module 500 causes an image withsome characters to display on the current webpage the user is on at thetime. The webpage then requests the user to fill an adjoining text boxto the image on the webpage with the characters on the image. The userenters the characters and the result is returned to the OSP's system304. Such a request helps to verify that the information being enteredby the user is actually coming from the user and that the user'sregistration has not been “hijacked” by some other party who hasprovided false details about the user. Thus, if the characters enteredby the user match the characters displayed on the image, theregistration module 500 updates a fraud flag (included with theinformation stored for the user) to indicate that fraud has not beendetected with regard to the user's registration.

If the entered characters do not match the characters displayed on theimage, the user may again be shown an image with characters and the usermay again be requested to enter the characters in the text box accordingto particular embodiments. Depending on the embodiment, the user may begiven a predetermined number of chances to enter the correct characters.If at that point the user has still failed to provide the correctcharacters, the registration process is ended.

KYC Check

As previously mentioned, in various embodiments, the KYC check isperformed to verify the identity of a user who is attempting to registerwith the OSP and/or a website. That is, the KYC check is performed toverify that a user attempting to register is actually the person who heis entering information during the registration process. As furthermentioned, in particular embodiments, the registration module 500 makesuse of a third party provider to assist in this check. In theseparticular embodiments, the registration module 500 passes the validatedcaptured registration details to the third party provider. In response,the third party provider cross references this information with one ormore data sources (e.g., databases) to attempt to find a match for thedetails. For instance, the third party provider may cross reference suchdata sources as state department of motor vehicles databases, internalrevenue databases, credit card company databases, and/or the like.

In particular embodiments in which the third party provider does notfind a match, the registration module 500 may first request the user toprovide information for one or more of the optional fields the user mayhave previously failed to provide information for during the time theuser provided his registration details. The registration module 500receives the additional details and forwards the additional details tothe third party provider. As a result, the third party provider may beable to locate a match based on the additional details provided by theuser.

If the third party provider is able to locate a match, in variousembodiments, the third party provider (or the registration module 500 inother embodiments) may then perform a knowledge-based authenticationcheck to confirm the identity of the user and may automatically researchand formulate one or more questions from public data or credit data. Inparticular embodiments, these questions may be in the form of multiplechoice questions and may concern information about the user thatnormally only the user would be able to provide the correct answer for.These questions are then presented on line to the user to answer and theregistration module 500 forwards the answers to the questions to thethird party provider. For example, the third party provider mayformulate one or more questions to request the user to identify thebanking entity that provided a previous car loan the user had or toidentify a car he purchased in a particular year.

Once the third party receives the answers to the questions, the thirdparty provider uses the information initially provided by theregistration module 500 along with the answers to the questions toverify the user's identity (e.g., the third party provider confirms theuser has provided accurate information by answering the questionscorrectly). If the third party provider has successfully verified theuser's identity, the third party provider sends the results back to theregistration module 500 along with a unique identifier (e.g., KYCidentifier). In turn, the registration module 500 stores the KYCidentifier along with the other registration information gathered forthe user. If the third party provider is unable to verify the user'sidentity after conducting the knowledge based authentication, the thirdparty provider reports the results to the registration module 500 andthe module 500 ends the registration process. In particular embodiments,the third party provider may still provide a KYC identifier along withthe results for the failed attempt so that the identifier can be storedalong with the user's information in the OSP's system 304 to record thefailure.

Exclusion & Self-Exclusion Checks

In various embodiments, the exclusion and self-exclusion checks areperformed to verify whether an external regulation or entity, oralternatively and/or additionally a user has self-excluded from engagingin one or more transaction activities on one or more of the websites. Inparticular, the self-exclusion check is also performed to determinewhether the user has imposed limitations and/or restrictions on theactivities the user may engage in on one or more of the websites. Aspreviously mentioned, in particular embodiments, the registration module500 performs the self-exclusion check to determine whether the types oftransaction activities a user may engage in should be limited for aparticular user's registration. In other embodiments, the registrationmodule 500 performs the self-exclusion check to determine whether a userhas self-excluded from engaging in particular types of transactionactivities and therefore should not be allowed to register with aparticular website that provides such particular types of transactionactivities.

However, in other embodiments, the validation module 600 performs theself-exclusion check to determine whether the user may have imposed oneor more limitations and/or restrictions on the activities the user mayengage in on a particular website. For example, the validation module600 may consider whether the user has imposed a limit on the amount offunds the user may lose over a predetermined time period (such as amonth) on a gambling website and/or whether the user has imposed a limiton the amount of time the user may spend on an adult website.Accordingly, FIG. 7 illustrates a flow diagram of the self-exclusioncheck performed by the validation module 600 according to suchembodiments.

As previously mentioned, in various embodiments, the validation module600 typically performs the self-exclusion check (e.g., Step 605 in FIG.6) during the validation process in which the module 600 validates whattransaction activities the user may engage in during the user'sinteractive session with a particular website. Therefore, in Step 702,the validation module 600 retrieves the self-exclusion information forthe user. For instance, in one embodiment, the validation module 600queries the self-exclusion database 308 using the user's uniqueidentifier to retrieve the information on the user.

In various embodiments, the exclusion database 308 may actually comprisea plurality of databases, at least some of which may not even be“self-exclusion” related. Indeed, externally imposed exclusions exist,such as the non-limiting examples of age, jurisdiction, and/or criminalrecord, just to name a few. As such, in various embodiments, theexclusion database 308 may be configured at different levels toaccommodate searching and reporting (e.g., different hierarchicallevels). For instance, in particular embodiments, methods may be inplace to organize information on users on different levels in thedatabase 308 such as on a website level, a type of website level, and/ora governmental entity level. For example, legislation may be in placethat requires the exclusion database 308 to be configured such thatusers registered to conduct gambling transactions in the United Statesare organized on a website level, a type of website level, a statelevel, and a national level. Thus, in this particular example, arestriction and/or exclusion for a particular user may be managed,searched, and/or applied at a website level, a type of website level, astate level, and/or a national level. Therefore, if a particular stateimplements a regulation restricting a particular gambling activity, theregulation may be applied, managed, and searched for registered userslocated in or resident in the state at the time of the transactionsession. If a particular user is located in the state that hasimplemented the restriction on the particular gambling activity thevalidation module 600 may apply the restriction to the particular userby searching the jurisdiction requirements on a state level during thevalidation process. Further, in particular embodiments, if the OSP ismanaging the exclusion database 308 on behalf of an entity such as astate or federal regulator, the OSP may make available a posting,searching, and reporting capability of the exclusion database 308 towebsites who otherwise do not use the OSP's services. In this manner,external (e.g., environmental or otherwise) exclusion criteria may alsobe applied against the user, in addition to, or alternatively to anyself-exclusion criteria either provided directly by the user or garneredfrom the one or more exclusion databases.

Returning now specifically to the “self-exclusion” check process, inStep 703, the validation module 600 determines whether the user hasexcluded himself from engaging in all of the types of transactionactivities provided on the website. Thus, in various embodiments, theuser may exclude himself, subject to the law, at any hierarchical levelsetup in the database 308. For instance, the information stored in thedatabase 308 may indicate the user has excluded himself from theparticular website or has excluded himself from all of the participatingor licensed websites associated with particular types of transactions(e.g., type of website level such as gambling websites and/or adultwebsites). In particular instances, the user may have also imposed acool-off period indicating a period of time the user has requested to beexcluded from engaging in particular types of transaction activities. Inthese particular instances, the validation module 600 also determineswhether the cool-off period still applies with respect to the user. Forexample, the information stored in the database 308 may include aparameter indicating the period of time the cool-off period is to applyfor. Therefore, if the validation module 600 determines from the queriedinformation that the user has been excluded, the validation module 600fails to validate the user's session with the website (e.g., Step 606 inFIG. 6) and ends the self-exclusion check, shown as Step 704.

However, if the validation module 600 determines the user has notexcluded himself from engaging in all of the types of transactionactivities conducted on the website, the validation module 600determines whether the user has imposed any limitations and/orrestrictions on the activities the user may engage in on the website,shown as Step 705. For example, the user may have imposed a restrictionon what types of transactions the user may engage in on the particularwebsite or on all of the participating websites associated with similartypes of transactions the user may have imposed a limitation on thenumber of transactions the user can engage in over a predeterminedperiod of time, or the user may have imposed a restriction on the amountof funds the user may spend/deposit on the particular website or type ofwebsites over a predetermined period of time. In various embodiments,information on the limitations and/or restrictions may be stored in theself-exclusion database 308.

If the validation module 600 determines the user has not imposed anylimitations and/or restrictions on himself, the validation module 600exits the self-exclusion check, shown as Step 706. However, if thevalidation module 600 determines the user has imposed limitations and/orrestrictions on himself, the validation module 600 determines whetherthe user has or legal compliance requirements have imposed thelimitations and/or restrictions over multiple websites (e.g., over allof the participating websites associated with the same types oftransaction activities) or has imposed the limitations and/orrestrictions for only the particular website, shown as Step 707. Forinstance, in one embodiment, a flag may be stored along with theinformation for each limitation or restriction that indicates whetherthe limitation or restriction is to be imposed on all of theparticipating websites for the same types of transaction activities oron one or more particular websites. Further, the information mayindicate what website(s) the limitation or restriction is to be imposedon.

If the limitation or restriction is to be imposed on multiple websites,the validation module 600 may retrieve information, if available, forthe activities conducted by the user on the websites over the applicableperiod of time, shown as Step 708. For instance, in the example in whichthe user has imposed a limit on the number of wagers the user can makeover a predetermined period of time (e.g., over a month), the validationmodule 600 retrieves the user's information on wagers the user hasconducted on the various websites over the past month. (For instance,this information may be queried using the unique user identifier or, ifnot available, through a data matching process, following which theunique user identifier can be applied.) If the limitation or restrictionis to be imposed on only a particular website, the validation module 600retrieves information for the transaction activities conducted by theuser on the website over the applicable time period in a similarfashion, shown as Step 709.

Once the validation module 600 has retrieved the applicable activityinformation for the user, in Step 710, the validation module 600determines one or more parameters based on each limitation orrestriction and the activity information. In particular embodiments,these parameters are communicated to the particular website the user iscurrently interacting with so that the parameters may be used to imposethe limitations and/or restrictions on the website, shown as Step 711.For example, the user may have imposed a limit of one-hundred and twenty(120) minutes the user is allowed to spend on the participating websitesproviding video gaming over a particular month. The activity informationfor the various websites may indicate that the user has played games forforty-two (42) minutes in the current month on the various websites.Therefore, in this example, the validation module 600 determines aparameter indicating the user may still spend seventy-eight (78) moreminutes on these websites during the month and sends this parameter tothe website. In turn, in various embodiments, the website enforces therestriction during the user's interactive session with the website.Further, in various embodiments, the website sends information to theOSP's system 304 each time the user engages in gaming on the website. Asa result, the next time the validation module 600 performs theself-exclusion check, the parameter indicating the number of minutes theuser has left during the month will reflect the minutes the user engagedin gaming during his recent interactive session on the website.

Self-Exclusion Module

In various embodiments, the OSP server 400 may also include aself-exclusion module 800 that is configured to facilitate usersregistering limitations/restrictions on the transaction activities theycan conduct on the various websites associated with the OSP and/or tofacilitate users excluding themselves from engaging in one or more typesof transaction activities on one or more associated websites. Therefore,in various embodiments, the user may, at any time, decide to excludehimself from being able to engage in and/or placelimitations/restrictions one or more types of transaction activitiesassociated with one or more websites. However, it should be noted thatin many instances, limitations/restrictions on certain transactionactivities may be placed on these activities (e.g., mandated) by awebsite or by some regulatory authority. For instance, the United Statesmay implement federal regulations that mandate limitations/restrictionsbe placed on certain gambling activities conducted online on websitesrun by United States based operators.

As previously mentioned, the OSP's system 304 may include or be incommunication with a self-exclusion database 308 that contains recordson users who have excluded themselves and/or have placeslimitations/restrictions on certain types of transaction activities theymay engage in on the websites. For instance, a particular user may setlimits on the amount of funds the user may wager over a predefinedperiod of time or may set limits on the number of wagers the user mayplace during the predefined period of time. Therefore, although the usermay not wish completely to exclude himself from engaging in allactivities on one or more websites, the user may wish to “control” hisengagement in such activities. Accordingly, in various embodiments, thisself-exclusion database 308 may be checked during the registration andvalidation processes to confirm whether the user has not excludedhimself before proceeding with either process.

Typically, a user will arrive at an exclusion webpage either by visitingthe webpage directly, or by accessing the webpage from a particularwebsite. For instance, in at least one embodiment, the user may visit awebsite hosted by the OSP over the Internet and may directly access theexclusion webpage via the website. In another embodiment, the user mayfirst visit the particular website over the Internet and be redirectedto the exclusion webpage. Accordingly, FIG. 8 illustrates a flow diagramof the self-exclusion module 800 according to various embodiments. Thisflow diagram may correspond to the steps carried out by the processor405 in the OSP server 400 shown in FIG. 4 as it executes the module 800in the server's RAM memory 467 according to various embodiments.

In certain embodiments, the user initially logs into a website andprovides his username (e.g., unique user identifier) and/or password. Inresponse, the website may also initiate the validation process and as aresult receive a session identifier. The user selects an option on thewebsite to set up exclusion parameters (e.g., limitations, restrictions,and/or exclusions) and the user is directed to the exclusion webpage andthe website provides the user's unique identifier and sessionidentifier, if applicable.

The exclusion webpage may provide the user with a number of options forsetting up limitations, restrictions, and exclusions. For instance, incertain embodiments, the webpage may provide the user with the optionsto set up an exclusion for a selected period of time, such as atwenty-four (24) hour cool-off period, a six-month self-exclusion, aone-year self-exclusion, a two-year self-exclusion, and/or a five-yearself-exclusion. In addition, the webpage may provide the user with theoption to request help. Further, in these and still other embodiments,the webpage may provide the user with options to set up limitationsand/or restrictions for different transaction activities that may beengaged in on the website. As a non-limiting example, the user may setup a restriction that excludes the user from participating in aparticular game on the website or the user may set up a limit on theamount of funds the user may spend on the website over a one-monthperiod.

Still further, according to various embodiments, the webpage may providethe user with the option to set up exclusions, limitations, and/orrestrictions for one or more particular websites, one or more particulartransaction activities, and/or one or more particular transactionactivities on one or more particular websites (e.g., at differenthierarchical levels). Thus, as discussed in greater detail below, theuser may indicate whether the limitations, restrictions, and exclusionsapply only to the particular website or to two or more of theparticipating websites associated with the OSP. Alternatively, the usermay be advised that, if he chooses to self-exclude himself from onewebsite, such exclusion will apply by law to all websites offering thesame services, e.g., all gambling websites.

Therefore, the user selects one or more of the options and selects a“submit” button on the webpage. As a result, in Step 802, theself-exclusion module 800 receives the user's unique identifier, asession identifier (if applicable), and limitation/restriction/exclusionparameters. For instance, in one example, the user selects the optionsfor a one-year self-exclusion from adult websites and a request forhelp. Therefore, in this particular example, the self-exclusion module800 receives the user's unique identifier, a session identifier (ifapplicable), an indicator for the one-year exclusion, and a flagrequesting help.

In Step 803, the self-exclusion module 800 updates the user's status inthe self-exclusion database 308. That is, in particular embodiments, theself-exclusion module 800 inserts and/or updates one or more records inthe self-exclusion database 308 to reflect the options selected by theuser. In various embodiments, the self-exclusion database 308 (e.g., themanagement system for the database 308) may be configured to sendupdates (e.g., push updates) periodically to various entities such asparticipating websites and/or regulating authorities. In theseparticular embodiments, the various participating entities may maintaina “local” version of the self-exclusion database 308 within their systemnetworks so that the systems can quickly reference the local versions ofthe database. Therefore, in Step 804, the self-exclusion module 800advises (e.g., via an API call) the participating entities of the user'sselected options. This step may be carried out in real-time or may bebatched along with other exclusion updates to be sent to theparticipating entities at certain time intervals in various embodiments.

Further, in Step 805, the self-exclusion module 800 determines whetherthe user has requested help. For instance, in various embodiments, helpmay be provided to users in the form of information and/or counseling oncompulsive behavior. Therefore, in various embodiments, if theself-exclusion module 800 determines the user has requested help themodule extracts information from the OSP's system 304, such as name,telephone number, unique user identifier, and operator involved, shownas Step 807. In particular embodiments, the information extracted by theself-exclusion module 800 includes the location of the user. Forinstance, in one embodiment, the information includes the IP address forthe computing device 301 being used by the user and the self-exclusionmodule 800 obtains the location of the user by performing the Geo-IPcheck, shown as Step 808. Once the self-exclusion module 800 hasobtained the user's location, the module 800 queries a list of helpcenters for the particular compulsive behavior to locate one or morecenters that are within a predetermined distance from the user'slocation, shown as Step 809. This list of help centers may be stored instorage media within the OSP's system 304 or external to the OSP'ssystem 304.

Once the self-exclusion module 800 has the information on the helpcenters, in Step 810, the self-exclusion module 800 selects the helpcenter nearest the user's location. In particular embodiments, theself-exclusion module 800 sends the information on the help centers tothe user. In these particular embodiments, this may involve theself-exclusion module 800 facilitating the mailing of information on thehelp centers that are within the predetermined distance to the userand/or facilitating the emailing of the information to the user. Inother embodiments, this may involve the self-exclusion module 800facilitating contact of the user by at least one of the help centers. Instill other embodiments, this may involve the self-exclusion module 800presenting the list of available help centers to the user on a webpageand requesting the user to select a preferred help center. In thisparticular embodiment, the self-exclusion module 800 receives the user'sselection of a particular help center, in Step 811, and forwards thehelp center's details to the user, shown as Step 812. In otherembodiments, the self-exclusion module 800 may instead forward theuser's details to the selected help center. Thus, in these particularembodiments, the OSP's system 304 may be in communication with one ormore systems of help centers that assist individuals with treatingcompulsive behaviors. In many instances, these centers may then use theinformation to themselves initiate contact with the user directly so asto provide help, where requested.

Still further, it should be understood that according to variousembodiments, a ‘request for help’ opportunity may be presented to a userbeyond simply the context of self-exclusion, as previously describedherein. As a non-limiting example, a user may be prompted via a ‘pop-up’window with an inquiry as to whether they require help, in response towhich the user may choose whether or not to actually request help. Inthese and still other embodiments, once the request for help issubmitted, coordination between the help center and the user may occurin any of the various (and/or still other) manners, as have likewisebeen previously described herein. In at least one embodiment, it shouldbe understood that the general-context (e.g., beyond selection ofself-exclusion criteria) help request prompt may be configured to appearbased upon the system identifying potentially problematic behavior, aswill be described later herein in much greater detail. Of course, thesystem may be configured to offer users the opportunity to request helpat any of a variety of times during use and/or based upon any of avariety of factors or considerations, as may be desirable for particularapplications.

Returning to Step 805 and the context of “self-exclusion,” if theself-exclusion module 800 determines the user has not requested help,the self-exclusion module 800 returns the user to the website, shown asStep 806. Depending on the options selected by the user, the user maythen be instantly logged out of his session with the website. Forinstance, returning to the example in which the user selected the optionfor a one-year self-exclusion from adult websites, the user's option iscommunicated to the website by the OSP's system 304 directly or byupdating the operator's local self-exclusion database and, as a result,the operator and/or website automatically logs the user out of thewebsite. The same may apply at the conclusion of the self-exclusionmodule 800 sending the user's information to a counseling system, shownas Step 813.

As previously mentioned, the user may according to various embodimentsindicate to have his selected options apply to two or more participatingwebsites associated with the OSP. Therefore, in particular embodiments,if the user has excluded himself, the self-exclusion may apply acrossthe multiple participating websites indicated by the user. For instance,returning to the example, the user may have selected the option to applythe one-year exclusion across all the participating adult websitesassociated with the OSP. Therefore, if the user attempts to register foradult-theme transaction activities after imposing the self-exclusion,the registration module 500 executes the self-exclusion check (e.g.,Step 523 in FIG. 5) and determines that the user is not allowed toregister for such transaction activities based on the user'sself-imposed exclusion on the first adult website. In variousembodiments, such a mechanism makes use of less computing capacities anduse of less memory because in many instances the individual websites donot need to maintain their own system for recording and trackingindividuals who should be excluded from participating in certain typesof transaction activities on the websites. Further, in variousembodiments, such a mechanism allows for a more robust system formonitoring and restricting compulsive behavior because having acentralized mechanism facilitates casting of a wider net over suchcompulsive behavior.

Further, in various embodiments, a user may indicate to enforcelimitations and/or restrictions over two or more of the participatingwebsites associated with the OSP. For example, the user may set a $500limit on gambling losses for each month for all of the participatinggambling websites associated with the OSP. In this example, the uservisits a first gambling website and losses $350 gambling on the website.A couple of days later (and within the month), the user visits a secondgambling website and logs into an interactive session with the secondgambling website. Because the user has imposed the $500 limit across allof the participating gambling websites, in particular embodiments, theuser will be limited to losses totaling $150 because of the loss theuser has already experienced on the first gambling website.

In particular embodiments, the self-exclusion module 800 may also advisethe user on the effects of implementing a particular restriction,limitation, and/or exclusion so that the user is educated before theuser actually agrees to place the restriction, limitation, and/orexclusion into effect. For instance, if the user indicates that he wouldlike to be excluded from being able to purchase firearms on any of theparticipating websites that provide such products, the self-exclusionmodule 800 may first provide a list of such participating websites tothe user so that the user is aware of the extent of such an exclusion.The information may help the user avoiding placing a restriction,limitation, and/or exclusion into effect that he may not otherwise agreeto once he realizes the extent of the restriction, limitation, and/orexclusion. Further, in particular embodiments, the self-exclusion module800 may also advise the user on restrictions, limitations, and/orexclusions governed by regulatory authorities.

It should also be noted that in various embodiments, as at leastpreviously alluded to and briefly described, the users may not be theonly ones who can impose restrictions/limitations/exclusions onthemselves. As a non-limiting example, regulatory authorities may imposerestrictions/limitations/exclusions in particular embodiments. Inaddition, in particular embodiments, a web site may imposerestrictions/limitations/exclusions on users the website has perceivedto exhibit problem behavior. These restrictions/limitations/exclusionsmay only apply to the particular website(s) or may apply to additionalwebsites. That is, in particular embodiments, an agreement may bereached among one or more websites that allow a website to imposerestrictions/limitations/exclusions on a user that apply with respect tothe one or more website. Further, in particular embodiments, the OSP mayalso impose restrictions/limitations/exclusions on users and/or courtsmay impose restrictions/limitations/exclusions on users, for at leastthe non-limiting examples of preserving funds for child supportobligations and enforcing a restriction imposed as part of or in lightof a criminal sentence. In these and still other embodiments, the OSPmay also be required to search one or more exclusion databases (aspreviously described herein) for such limitations and also, uponreceiving notification of such limitations report the same to the one ormore exclusion databases for posting as updated and accurate data.

Behavior Analysis Module

An advantage the OSP provides in various embodiments is that the OSP'ssystem 304 is servicing multiple websites and as a result is collectinginformation on various transactions activities conducted by users onthese multiple websites. For instance, in particular embodiments, theOSP may be appointed by some regulatory authority to provide one or moredatabases storing such information and particular websites may populatethese databases with information on various transaction activities.Typically, such information represents a larger and broader sample oftransaction information than a single website could compile on its own.Therefore, in various embodiments, the OSP server 400 may also include abehavior analysis module 900 that is configured to analyze varioustransaction activities conducted by users over multiple websites, toidentify norms of behavior with respect to the transaction activitiesconducted on the websites, and to identify potentially problem users asusers whose behavior deviates from the identified norms. It should beunderstood, of course, that norms of behavior may be refined by aligningfactors such as the type or size of activity, the location of the user,and the address of the user to create categories of norms.

Accordingly, FIG. 9 illustrates a flow diagram of the behavior analysismodule 900 according to various embodiments. This flow diagram maycorrespond to the steps carried out by the processor 405 in the OSPserver 400 shown in FIG. 4 as it executes the module 900 in the server'sRAM memory 467 according to various embodiments.

In Step 902, the behavior analysis module 900 queries transactioninformation. In various embodiments, this information covers transactionactivities conducted over multiple websites by multiple users. Forinstance, the transaction information may encompass certain types oftransaction activities engaged in by a plurality of users on a pluralityof websites. For example, a plurality of gambling activities or aplurality of spending activities engaged in by a plurality of users on aplurality of websites.

As previously described, in various embodiments, when a user engages inan interactive session on a website, information on each transactionactivity the user engages in on the website may be sent to the OSP'ssystem 304 and may be stored so that the information can be laterreferenced. For example, a user may make a purchase on a particularwebsite and the website may send information on the purchase such as theproduct purchased, the amount of the purchase, the user's uniqueidentifier, and the session identifier. In turn, the OSP's system 304receives the information and stores the information in storage media.The same process is carried out for the transaction activities (e.g.,purchases) conducted by other users across one or more of the multiplewebsites associated with the OSP. Thus, the OSP has information on avariety of transaction activities conducted across multiple websites bymultiple users. Therefore, the behavior analysis module 900 queries theinformation for a number of these transaction activities from thestorage media.

In Step 903, the behavior analysis module 900 conducts an analysis ofthe transaction information to determine norms of behavior with respectto engaging in such transaction activities on the websites. A “norm ofbehavior” is considered a rule that a group (i.e., a set of usersconducting the particular transaction activities on the websites) usesfor defining appropriate and inappropriate values, beliefs, attitudes,and behaviors. Thus, in particular embodiments, the behavior analysismodule 900 conducts an analysis with respect to one or more of theattributes included in the transaction information. For instance, theattributes may include one or more of: (1) purchase amount frequency,(2) deposit amount frequency; (3) wager amount frequency; (4) limits setby one or more websites on purchase/deposit amounts; (5) limits set byone or more websites on wager amounts; (6) limits set by one or morewebsites on purchase frequency; (7) limits set by one or more websiteson deposit frequency; (8) limits set by one or more websites on wagerfrequency; (9) limits set by one or more users on purchase amounts; (10)limits set by one or more users on deposit amounts; (11) limits set byone or more users on wager amounts; (12) limits set by one or more userson purchase frequency; (13) limits set by one or more users on depositfrequency; (14) limits set by one or more users on wager frequency; (15)history of self-exclusion for one or more users; (16) history ofexclusion imposed by one or more websites; (17) history of reactivationafter exclusion for one or more users; (18) history of permanentexclusions for one or more users; (19) locations associated with one ormore users; (20) number of devices used by one or more users and repeatusage of the devices; (21) dispute history for one or more users thatcomprise chargebacks, refunds, and declines; (22) ages of one or moreusers; (23) credit scores of one or more users; (24) time periods one ormore users have been registered with one or more of the websites; (25)history of one or more users on amounts of winnings and losses; and (26)types of transaction activities engaged in by one or more users on theat least two websites.

The analysis may be carried out in various embodiments by the behavioranalysis module 900 using one or more techniques known in the art, suchas quantitative and/or qualitative methods or computationally-intensivemethods such as computer simulation, artificial intelligence, predictivemodeling, or other complex statistical methods. Further, in particularembodiments, the analysis may take into consideration factors toidentify norms of behavior for particular groups (e.g., groups orclasses of users, and the like). For instance, in one embodiment, theanalysis may be broken down based on the locations of the usersconducting the transaction activities. For example, users living inwealthy areas may exhibit norms with larger spending and/or depositsthan users living in poorer areas. Once, the behavior analysis module900 completes the analysis of the transaction information, the module900 has identified one or more norms of behavior with respect toengaging in the particular transaction activities on the websites. Forinstance, such norms may be established with respect to one or more of:(1) amounts of purchases; (2) amounts of deposits; (3) frequency ofpurchases; (4) frequency of deposits; (5) purchases by product type; (6)wagers by game type; (7) amounts of wagers; (8) frequency of wagers; (9)amounts of purchases by age ranges; (10) amounts of deposits by ageranges; (11) frequency of purchases by age ranges; (12) frequency ofdeposits by age ranges; (13) amounts of wagers by age ranges; (14)frequency of wagers by age ranges; (15) patterns of purchases; (16)patterns of deposits; (17) patterns of wagers; (18) proximity of auser's engagement to a website's set limits; (19) proximity of a user'sengagement to the user's set limits; (20) profiles of net winnings todeposits; (21) profiles of net winnings to wagers; (22) profiles of netlosses to deposits; and (23) profiles of net losses to wagers.

In various embodiments, the behavior analysis module 900 saves thedetermined norms in one or more storage media available to the OSP'ssystem 304, shown as Step 904. Further, in various embodiments, the OSPmay provide the determined norms to one or more of the operators and/orwebsites. For instance, in one embodiment, the OSP may provide periodicupdates of the norms to one or more of the websites for a licensing fee.

Thus, in Step 905, the behavior analysis module 900 in variousembodiments compares transaction information for one or more of theindividual users against the established norms of behavior. Forinstance, the behavior analysis module 900 may establish a norm for thefrequency at which users place wagers on the multiple gambling websites.Therefore, the behavior analysis module 900 determines the frequenciesat which particular users' place wagers across one or more of thegambling websites and compares the users' frequencies with theestablished norm frequency. This comparison may be carried out by thebehavior analysis module 900 at the request of the OSP or at the requestof one or more of the operators and/or websites. Further, the comparisonmay be carried out by the behavior analysis module 900 for one or moreparticular users for one or more particular websites. For instance, awebsite may request the OSP to have a comparison performed for users whohave engaged in gambling activities on its website(s) over a particulartime period, such as the last two years.

It should be apparent to one of ordinary skill that the behavioranalysis module 900 may be configured to conduct the comparison atdifferent times with respect to determining the norms of behavior. Forinstance, in particular embodiments, the behavior analysis module 900may conduct the comparison immediately after determining the norms ofbehavior. While in other embodiments, the behavior analysis module 900may retrieve the norms from storage and conduct the comparison at alater time after the norms of behavior have been determined

As a result of conducting the comparison, in Step 906, the behavioranalysis module 900 identifies one or more users as potentially problemusers. For instance, in one embodiment, the behavior analysis module 900identifies users in which one or more attributes associated with theusers diverge from norms such as: (1) escalation of frequency ofpurchases; (2) escalation of frequency of deposits; (3) escalation ofamount of purchases; (4) escalation of amount of deposits; (5)escalation of frequency of wagers; (6) escalation of amount of wagers;(7) erratic behavior with respect to frequency of purchases; (8) erraticbehavior with respect to frequency of deposits; (9) erratic behaviorwith respect to amount of purchases; (10) erratic behavior with respectto amount of deposits; (11) erratic behavior with respect to frequencyof wagers; (12) erratic behavior with respect to amount of wagers; (13)erratic behavior with respect to frequency of chargeback requests; (14)erratic behavior with respect to frequency of disputes; (15) indicationof exclusion from engaging in transaction activities by one-self, by awebsite, or state; (16) indication of requesting help; (17) indicationof defaults in use of credit cards; (18) indication of insolvency; (19)escalation of length of session time; and (20) escalation of cumulativelength of session time over a predefined period. Further, comparisonwill be undertaken against the profiles of known defaulters/problemgamblers to identify similarities in behavior. Further, in variousembodiments, the behavior analysis module 900 may also develop earlywarning indicators based on diverging norms identified for the one ormore potentially problem users, shown as Step 907. Similar to thedetermined norms, the behavior analysis module 900 may save theindicators in one or more storage media available to the OSP's system304, shown as Step 908. Further, in various embodiments, the OSP mayprovide the early warning indicators to one or more of the websites. Thewebsites may use the early warning indicators to monitor transactionactivities on the websites to identify users who may begin to exhibitproblem behavior. In addition, the OSP may also monitor transactionactivities based on the indicators to potentially identify users who maybegin to exhibit problem behavior. In certain of these and still otherembodiments, the OSP may likewise present the user with an option tosubmit a request for help, as described elsewhere herein, uponidentification of one or more divergent behaviors relative to the norm.

According to various embodiments, potentially problem users may beposted by websites to the OSP, where they will be stored and/or postedin various databases (e.g., the self-exclusion lists, theexternally-imposed exclusion lists, etc.), as may be desirable forparticular applications. Indeed, when a website receives notification ofa potentially problem user or searches this database and determines amatch, it may be, according to certain embodiments, for that website todetermine its own appropriate course of action that it takes with regardto that user. That being said, it could be that in still otherembodiments, the website will defer to the OSP and/or at leastcoordinate with the OSP so as to determine the appropriate course ofaction.

In Step 909, the behavior analysis module 900 saves information on theone or more identified users. For instance, in at least one embodiment,the behavior analysis module 900 saves the information in theself-exclusion database 308. Therefore, in these and still otherembodiments, the registration module 500 and/or the validation module600 may also query this information during performing a self-exclusioncheck. As a result, users who may have exhibited compulsive behavior andmay have not voluntarily restricted/limited/excluded themselves may alsobe identified. Further, in particular embodiments, the OSP may share theinformation on the one or more identified users with other entities suchas regulation authorities and one or more of the websites associatedwith the OSP. Thus, these entities may become aware of users that maypotentially have compulsive behavior problems that they may nototherwise know. For example, a user may be identified as a potentiallyproblem user based on abnormal transactions conducted on a firstwebsite. The user may then try and register with a second website.During the registration process, the user may be identified during aself-exclusion check as a user having potential problems (e.g., as auser exhibiting a potential for compulsive gambling behavior) and thismay be communicated to the second website. As a result, the secondwebsite may decide not to allow the user to register and engage intransaction activities on the second website.

Chargeback Module

In many instances, a user engages in a transaction activity on a websiteby charging the user's credit card. For instance, a user may purchase agood, pay a licensing fee to view a video, make a deposit on aparticular website by charging the user's credit card for an identifiedamount. As mentioned above, in various embodiments, the OSP may recordone or more credit cards for a user during the registration process.

As a result of accepting credit card payments as a mechanism forconducting various transaction activities, websites will sometimesreceive chargeback requests for transaction activities that werepreviously conducted on the websites. In general, a chargeback requestis originated by a user's issuing bank, when that bank will not accept aclearing file transaction. In many instances, this may involve the userdisputing the charge to the user's credit card. For example, the usermay argue that he did not engage in the transaction activity thatresulted in the charge to his credit card. In some instances, the userand/or the user's issuing bank may first submit a retrieval request torequest information from the website on the transaction activity inquestion. Many times in these particular instances, the website may nothave adequate information (e.g., compelling evidence) to “prove” thatthe user did actually engage in the transaction activity.

As previously mentioned, the OSP server 400 may also include achargeback module 1000 that is configured to provide a website withinformation, such as information gathered and stored by the OSP ontransaction activities conducted by various users on websites asdescribed herein, that can be used as sufficient (e.g., whether to arequisite compelling standard or otherwise) evidence to argue that auser did indeed engage in a transaction activity the website is nowreceiving a chargeback request for. An advantage to receiving suchinformation from the OSP in various embodiments is that the operatorand/or website may argue that such information is from an independentthird-party source and is therefore a more reliable (e.g., unbiased)source of proof. That is, the information may be considered morepersuasive and/or compelling since the information is being provided byan independent third-party source. FIG. 10 illustrates a flow diagram ofthe chargeback module 1000 according to various embodiments. This flowdiagram may correspond to the steps carried out by the processor 405 inthe OSP server 400 shown in FIG. 4 as it executes the module 1000 in theserver's RAM memory 467 according to various embodiments.

In Step 1002, the chargeback module 1000 receives information on thechargeback request (e.g., retrieval request). For instance, in variousembodiments, the information is typically sent from the issuing bank forthe credit card involved in the chargeback request to the acquiring bankfor the website involved in the chargeback request. The acquiring bankthen forwards the request to the OSP's system 304. In anotherembodiment, the information may first be received by the ASP's system305 from the acquiring bank. In particular embodiments, the ASP's system305 may then forward the information to the OSP's system 304. While inother embodiments, the chargeback module 1000 receives the informationdirectly from the acquiring bank.

According to various embodiments, the information on the chargebackrequest may include such parameters as the user's name, address, creditcard number used to conduct the transaction activity, the amount offunds involved in the transaction activity, the website with whom theuser conducted the transaction activity, the date and time of thetransaction activity, specifics on the transaction activity such as thetransaction reference number, the type of transaction activity, and thereason for the chargeback request. For example, the information mayindicate Mark Smith of 123 Street, Oak Park, Ill. purchased a men'sshirt on Oct. 3, 2009 at 9:00 a.m. on website koolshirts.com operated byKoolShirt Corp. and Mark Smith is disputing that he never made thepurchase and is requesting a refund for the charge on his credit card.

In response, at Step 1003, the chargeback module 1000 retrievesinformation the OSP (or in the alternative, the ASP) has stored for theparticular transaction activity. For instance, in one embodiment, thechargeback module 1000 queries stored user information to locate MarkSmith's unique user identifier by using his name and address. Once thechargeback module 1000 has obtained Mark Smith's unique user identifier,the chargeback module 1000 queries the stored information on transactionactivities conducted by Mark Smith using the unique identifier andvarious other information provided in the received information to locatethe particular transaction activity involved in the chargeback request.

In Step 1004, the chargeback module 1000 determines whether thetransaction activity was located. If the chargeback module 1000determines that information on the transaction activity was not located,the chargeback module 1000 reports back to the entity from which itreceived the information on the chargeback request that information onthe transaction activity could not be located in the OSP's system 304,shown as Step 1005. For instance, in one embodiment, the chargebackmodule 1000 sends a message to the entity's system that indicatesinformation on the particular transaction activity could not be found.

If the chargeback module 1000 determines information on the transactionactivity was located, the chargeback module 1000 according to variousembodiments retrieves historical information on one or more transactionactivities conducted by Mark Smith, shown as Step 1006. This historicalinformation typically involves different or similar types of transactionactivities conducted by the user involved in the chargeback request withthe particular website. For instance, returning to the example, thechargeback module 1000 may, in these and still other embodiments, queryany transaction activities involving Mark Smith making clothingpurchases involving the operator associated with the chargeback requestin the past two years. Note that in some instances, the query mayinvolve transaction activities conducted on multiple websites becausethe operator associated the chargeback request may have used more thanone website. The query may return a total of twenty-two (22) records onclothing purchases made by Mark Smith on the website involved in thechargeback request over the past two years.

In response to retrieving the historical information, in Step 1007, thechargeback module 1000 according to various embodiments compares theparameters of the particular transaction involved with the chargebackrequest with the parameters of the historical transactions. Forinstance, returning to the example, the chargeback module 1000 comparesthe types of items purchased for each of the transaction activities, thetimes of day the purchases were placed, the credit card numbers involvedwith each purchase, etc. The chargeback module 1000 then determineswhether there are any correlations between the parameters of thetransaction activity involved in the chargeback request and theparameters of the historical transaction activities. Thus, in particularembodiments, the OSP establishes correlation rules that are executed bythe chargeback module 1000 in order for the chargeback module 1000 todetermine whether any correlations exist between the transactionactivity involved in the chargeback request and the historicaltransaction activities. For example, the OSP may institute a correlationrule that indicates that if the transaction activity involves a purchasefor men's clothing, the price of the purchase for the transactionactivity must be within plus or minus twenty dollars ($20) of theaverage price of purchase of the historical transaction activities inorder for a correlation to exist. In another example, the OSP mayinstitute a correlation rule in which the location associated with theIP address of the computing device used to conduct the transactionactivity involved with the chargeback request must match the locationsassociated with the IP addresses of the computing devices used toconduct one or more of the historical transaction activities.

In similar fashion, in another example, the OSP may according to variousembodiments institute a correlation rule in which the locationassociated with the IP address of the computing device used to conductthe transaction activity involved with the chargeback request must matchthe locations associated with a home address provided by the user duringconducting one or more of the historical transaction activities. Instill another example, the OSP may in at least one embodiment institutea correlation rule in which the username provided during the transactionactivity associated with the chargeback request must match the usernamesprovided during one or more of the historical transaction activities.Further, in another example, the OSP may institute a correlation rule inwhich a fingerprint associated the computing device (e.g., MAC address)used to conduct the transaction activity involved with the chargebackrequest must match fingerprints of the computing devices used to conductone or more of the historical transaction activities. One of ordinaryskill in the art can envision several additional correlation rules thatcan be fashioned in light of this disclosure, as may be desirable forparticular applications, without departing substantively from thegeneral nature of the present invention.

Depending on the embodiment, a “match” can be made to varying levels.For instance, in various embodiments, the chargeback module 1000 may beconfigured to perform “exact” type matching with respect to one or morecorrelation rules. For example, in one embodiment, the chargeback module1000 may be configured to determine whether the location associated withthe IP address of the computing device used to conduct the transactionactivity involved with the chargeback request exactly matches thelocations associated with the IP addresses of the computing devices usedto conduct one or more of the historical transaction activities in orderto establish a correlation. In other embodiments, the chargeback module1000 may be configured to perform more “fuzzy” type matching withrespect to one or more correlation rules. For instance, in oneembodiment, the chargeback module 1000 may be configured to determinewhether the location associated with the IP address of the computingdevice used to conduct the transaction activity involved with thechargeback request is within a predetermined distance from the locationsassociated with the IP addresses of the computing devices used toconduct one or more of the historical transaction activities in order toestablish a correlation. Thus, in various embodiments, the “matching”functionality of the chargeback module 1000 may vary in degree withrespect to establishing a correlation and the type of matching may varyamong the different correlation rules.

As yet another non-limiting example, in various embodiments, the“matching” functionality of the chargeback module 1000 may search formatches in timing or amounts of transactions conducted by the user toidentify behavioral patterns. Further, in one embodiment if the user hassubsequently received a benefit from making the transaction, this wouldconstitute compelling evidence, as previously described herein. Forinstance, a real world example would be where the website is a gamblingoperator and the user is a player who is disputing a deposittransaction, but has subsequently placed a bet or received a bonus orincentive resulting from the disputed transaction.

Further, the OSP may institute the rules in different ways according tovarious embodiments. For instance, in one embodiment, the rules may bestored in a database and queried by the chargeback module 1000 for use.In another embodiment, the rules may simply be hard-coded in thechargeback module 1000. In addition, the rules may be identified forparticular types of transaction activities (e.g., for clothing purchaseactivities, a set of rules may be identified for women's clothingpurchases, men's clothing purchases, and/or children's clothingpurchases) and/or for particular websites and/or industries. Forinstance, particular industries may require certain information todemonstrate correlations for the transaction in question in order tomeet the level of sufficient (e.g., compelling) evidence required by thecredit card companies to allow a re-presentment. For example, for anonline airline ticket purchase made for an international flight, theairline operator may be required to demonstrate that the user's passportnumber associated with the international flight matches the passportnumber associated with the international flights in one or morehistorical transactions in order to establish compelling evidence thatthe user actually purchased the airline ticket. Alternatively, incertain embodiments, the airline operator may only have to demonstratethat the user received air-miles for the transaction and flight that issubject to a chargeback. Of course, one of ordinary skill in the art canenvision several various evidentiary standards and/or rules forchargeback requests that may be employed in light of this disclosure, asmay be desirable for particular applications, without departingsubstantively from the general nature of the present invention.

In Step 1008, the chargeback module 1000 determines whether anycorrelations have been established. If, according to variousembodiments, the chargeback module 1000 has failed to establish anycorrelations, the chargeback module 1000 reports to the entity that sentthe information on the chargeback request that no correlations wereestablished between the transaction involved in the chargeback requestand the historical transactions, shown as Step 1009. In these and otherembodiments, the OSP may be authorized to process the chargeback requestin particular embodiments on the websites' behalf. However, if thechargeback module 1000 has established one or more correlations, thechargeback module 1000 sends information on the one or more correlationsto the entity that sent the information on the chargeback request andre-presents the transaction, shown as Step 1010.

As a result, the entity that sent the information on the chargebackrequest may now use the information on the correlations to establishcompelling evidence that the user actually conducted the transactionactivity involved in the chargeback request. For instance, the acquiringbank for the operator involved in the chargeback request may now use theinformation on the correlations as sufficient (e.g., compelling)evidence that the user did indeed engage in the transaction activity onthe website. In particular industries, the website need only to providesuch evidence to successfully refute the chargeback request.Accordingly, in certain embodiments, the website and/or acquiring bankmay then re-present the disputed transaction with the supportingevidence across the credit card company's re-presentment system.

Returning now to the previously introduced and non-limiting example, thechargeback module 1000 may compare the parameters for the transactionactivity involved with the chargeback request and the parameters of thetwenty-two historical transaction activities. In these and otherembodiments, the chargeback module 1000 determines a correlation existsin that the typical price of purchase (e.g., average price) for thepurchases made by Mark Smith has made on the website for the historicaltransaction activities is one-hundred dollars ($100) and the purchasemade in the transaction activity involved in the chargeback request isone-hundred and twenty dollars ($120). Further, the chargeback module1000 determines a correlation exists in that twelve of the twenty-twohistorical transaction activities involve purchasing men's dress shirtsand that the transaction activity involved with the chargeback requestalso was a purchase for a men's dress shirt. Finally, the chargebackmodule 1000 determines a correlation exists in that the same credit cardwas used in all of the transaction activities (i.e., the historicaltransaction activities and the transaction activity involved in thechargeback request). In at least certain embodiments, the chargebackmodule 1000 determines whether this evidence meets the credit cardcompanies' rules (e.g., sufficiency and/or compelling nature) forre-presentment and will convey the decision to the website, KoolShirtCorp. Depending on contract terms between the website and the OSP, theOSP will seek the websites authorization to process the chargebackand/or re-present the transaction with the sufficient (e.g., compelling)evidence, or the OSP will be empowered to act accordingly.

Finally, it is noted that in particular embodiments the chargebackmodule 1000 is configured to evaluate a parameter that indicates whetherthe user has attempted to reconcile the chargeback request with thewebsite directly. If the indicator shows the user has not, thechargeback module 1000 may notify the entity that has submitted theinformation on the chargeback request that the user should first attemptto reconcile the chargeback with the website. Of course, one of ordinaryskill in the art can envision any of a variety of configurations thatcan be fashioned in light of this disclosure, as may be desirable forparticular applications, without departing substantively from thegeneral nature of the present invention.

Authorization Module

As previously mentioned, the validation module 600 according to variousembodiments validates what transaction activities users can engage inwhen they are visiting various websites. Such transaction activities mayinclude debiting a credit card for a user. For instance, in certainembodiments, a website may seek authorization for debiting a credit cardwhen the user makes a purchase on the website and/or when the userdeposits funds on the website so the user may have the funds availableto conduct such activities as making a purchase, paying rental fees formedia, or placing a wager. It should be noted that by multiple websitesfollowing the practice of seeking authorization for debiting creditcards through the OSP, better efficiency is realized in variousembodiments because each website does not need to have the systeminfrastructure to communicate and interact directly with the partiesinvolved with seeking authorization for debiting credit cards of users.For instance, each website does not need to have the infrastructure tocommunicate with the various card issuer networks associated with creditcard issuing banks. Therefore, in various embodiments, the OSP server400 may also include an authorization module 1100 that is configured tofacilitate a website seeking authorization for debiting a credit card ofa particular user.

FIG. 11 illustrates a flow diagram of the authorization module 1100according to various embodiments. This flow diagram may correspond tothe steps carried out by the processor 405 in the OSP server 400 shownin FIG. 4 as it executes the module 1100 in the server's RAM memory 467according to various embodiments.

Typically, according to various embodiments, this process begins after auser has been validated on a particular website and decides to conduct atransaction activity such as make a purchase or deposit funds. Inparticular embodiments, the user selects a button on the website and isdirected to a webpage for providing information on the purchase/deposit.Because the user has been validated and assigned a session identifier,there is no need in various embodiments to perform certain checks suchas a jurisdiction check and/or an age check. In response to the userbeing directed to the webpage, the website or webpage sends the OSP'ssystem 304 certain information on the user. This information may includethe user's unique identifier and the session identifier, which is linkedto one or more fingerprints of the user's device for the currentsession.

In Step 1102, according to various embodiments, the authorization module1100 uses the session identifier and the user identifier to confirm thelegality of the transaction and to determine whether limits and/orrestrictions have been imposed on the user with regard to thetransaction activity (e.g., limits and/or restrictions on making apurchase/deposit). Next, in Step 1103, the authorization module 1100extracts the user's address from the stored information on the user byusing the user's unique identifier.

Depending on the embodiment, the website may host the webpage or thewebsite may direct the user to a webpage hosted by the OSP. The webpagerequests information from the user and/or website with regard to seekingauthorization for the transaction activity. For instance, in oneembodiment, the webpage may request an amount of funds the website wouldlike to debit the credit card (e.g., the price of a good the user ispurchasing or the amount of funds the user would like to deposit withthe website). In addition, the webpage may request the user to enter acredit card or may request the user to select a registered credit cardwith the OSP. As previous described, in various embodiments, the usermay set up one or more credit cards during the registration process. Inthese particular instances, the webpage may display information on theregistered cards (obtained from the OSP's system 304) to the user sothat the user may select an appropriate card to use in the transactionactivity. Further, the webpage may request the user to enter the CVC/CVVand/or the expiration date for the selected credit card, shown as Step1104.

Once, according to various embodiments, the user has entered therequired information and/or the website has provided the requiredinformation, the user selects a button such as “purchase” or “submit.”In response, the website's webpage sends the transaction activityinformation to the OSP's system 304 for authorization or the OSPdirectly seeks authorization through the acquiring bank. Theauthorization module 1100 may pass the information to the ASP's system305 or the OSP will store the information.

Next, according to various embodiments, the acquiring bank systemreceives the authorization request and identifies the appropriate cardissuer and issuing bank and routes the authorization request to theissuing bank via the appropriate credit card company (e.g., the VISA,MasterCard, or American Express networks). Upon receiving the request,the issuing bank system verifies that the credit card is operational andvalid and that sufficient funds are available for the transaction. Uponapproving the authorization request, the issuing bank system sends anapproval message to the acquiring bank system via the appropriate creditcard company or an authorized processor and the acquiring bank systemreceives the approval message and transmits the approval message to theASP's system 305 or, alternatively to the OSP directly. In Step 1106,the ASP's system 305 receives and stores the approval message andtransmits the approval message to the authorization module 1100 on theOSP's system 304.

In Step 1107, according to various embodiments, the authorization module1100 determines whether the transaction activity has been authorized. Ifthe authorization module 1100 determines the transaction activity hasnot been authorized, the authorization fails, shown as Step 1108. Inparticular embodiments, this step may entail the authorization module1100 sending information to the webpage and/or website conveying thatthe transaction activity has not been authorized. In turn, the webpageand/or website communicate the information to the user. Instead, if theauthorization module 1100 determines the transaction activity has beenauthorized, the module 1100 records the transaction activity along withthe authorization, the user's unique identifier, and the sessionidentifier in one or more storage media that is accessible by the OSP,shown as Step 1109. In addition, the module 1100 reports suchinformation to the website, shown as Step 1110. As a result, the websiteprocesses the transaction activity (e.g., completes the purchase made bythe user or deposits funds into an account set up for the user on thewebsite).

As mentioned, in particular embodiments, the user registers one or morecredit cards with the OSP during the registration process. At that time,the OSP may verify that the one or more credit cards are valid with theissuing bank and that the user is authorized to use the credit card fortransaction activities by conducting a “$1 authorization” (or anyauthorization having any of a variety of monetary values). In theseparticular instances, the OSP may not request authorization for thesubsequent transaction activity at the time the user request to conductthe activity. Instead, the OSP records the authorization request andsubmits the authorization to the acquiring bank (who may in turn passthrough such to additional parties, including, for example, the issuingbank) at a later time. FIG. 11A illustrates a flow diagram of theauthorization module 1100 configured to carry out such a processaccording to various embodiments. Again, this flow diagram maycorrespond to the steps carried out by the processor 405 in the OSPserver 400 shown in FIG. 4 as it executes the module 1100 in theserver's RAM memory 467 according to various embodiments.

Therefore, similar to the process described in FIG. 11, in Step 1102A,the authorization module 1100 receives information that includes thesession identifier and the user identifier and the module 1100 validatesboth identifiers. In this particular instance, the webpage displaysinformation on the registered cards to the user and the user selects anappropriate card to use for the transaction activity. In turn, theauthorization module 1100 receives the selection for the credit card,shown as Step 1103A.

Next, according to various embodiments, the webpage may request the userto enter the CVC/CVV and/or the expiration date for the selected creditcard and may request the user to enter (or the website provides) theamount to be debited to the selected credit card, shown as Step 1104A.Once the user has entered the required information and/or the websitehas provided the required information, the user selects a button such as“purchase” or “submit.” In response, the webpage sends the transactionactivity information to the OSP's system 304 and the authorizationmodule 1100 verifies the correct CVC/CVV and/or expiration date has beenentered for the selected card and stores the transaction activityinformation, shown as Step 1105A. For instance, in one embodiment, theauthorization module 1100 stores the transaction activity information ina database that resides on storage media located either within oroutside of the OSP's system 304. Thus, the authorization module 1100does not seek authorization for debiting the credit card with theissuing bank at the time the user requests to conduct the transactionactivity.

In this particular embodiment, the authorization module 1100 thendetermines a batch authorization time (that is a cut off time for thetransactions period and the elapsed time before a batch authorization)for the authorizations, shown as Step 1106A. According to variousembodiments, the batch authorization time may be agreed upon between theparticular website, the OSP and the acquiring bank. Information on thebatch authorization time may be stored by the OSP's system 304 or may berequested from the particular website at the time the transactionactivity is being conducted. The batch authorization time indicates theappropriate time in for example a 24 hour period at which authorizationrequests for the transaction activities should be submitted to theissuing bank. Thus, at this particular time, the OSP's system 304automatically calls for the transaction data from the website andsubmits the authorization requests to the acquiring bank for processing.Therefore, the authorization module 1100 determines the batchauthorization time for the transaction activity and saves the time alongwith the transaction activity. As a result, in at least one embodiment,the OSP's system 304 monitors the batch authorization time, calls forthe data file from the website, and submits the authorization requestsfor the transaction activity.

In Step 1107A according to various embodiments, the authorization module1100 determines whether the authorization requests file has beensuccessfully recorded. This accomplished by attaching a reference numberto the file and counts of the number and amount of transactions. Theacquiring bank will acknowledge and reconcile a perfect file has beenreceived. If the authorization module 1100 determines the authorizationrequests file has not been successfully recorded, the recordation fails,shown as Step 1108A, and will be investigated and resubmitted. Theresult of the authorization requests will be received by the OSP orwebsite. The Website will communicate any authorization failure to theuser and seek an alternative payment method. However, if theauthorization module 1100 determines the authorization requests havebeen successfully, the module 1100 reports such information to thewebsite, shown as Step 1109A according to various embodiments. As aresult, the OSP processes the authorization request batch file at thepredetermined time.

Clearing and Settlement Module

In particular embodiments, various operators and/or websites utilize theOSP to clear and settle transaction activities involving users' creditcards and other payment methods. Similar to verifying credit cardauthorization requests for transaction activities, such practiceprovides better efficiency in various embodiments because each websitedoes not need to have the system infrastructure to communicate andinteract directly with the parties involved with settling transactionactivities involving credit cards. Therefore, in various embodiments,the OSP server 400, and/or the ASP server may also include a clearingand settlement module 1200 that is configured to facilitate settlementof transaction activities for a particular website. In particular, thismodule 1200 is configured to reconcile settlement files received from anissuing bank with clearing files submitted on behalf of a website.

FIG. 12 illustrates a flow diagram of the settlement module 1200according to various embodiments. This flow diagram may correspond tothe steps carried out by the processor 405 in the OSP server 400 shownin FIG. 4 as it executes the module 1200 in the server's RAM memory 467according to various embodiments. Thus, in certain embodiments, awebsite sends the OSP's system 304 or the OSP calls the website at adesignated time(s) for an automated upload of one or more clearing filescontaining various completed transaction activities for settlement.Typically, the website batches all of the completed transactionactivities for a particular time period (i.e., the previous twenty-fourhours) and responds to a call from the OSP for the batched transactionactivities in the clearing files at a set time of the day to be sent tothe OSP's system 304.

According to various embodiments, in Step 1202, the clearing andsettlement module 1200 receives the one or more clearing files from thewebsite. In response, the clearing and settlement module 1200 records,in particular embodiments, information on each transaction listed in theclearing files in one or more storage media accessible by the OSP, shownas Step 1203. Further, in particular embodiments, the settlement module1200 arranges an upload of the one or more clearing files for aparticular acquiring bank based on the information in the files, shownas Step 1204. The clearing files typically include the authorizedcompleted transaction activities over the particular time period. Inaddition, the clearing and settlement module 1200 may include a counterfor the number of transaction activities and total monetary (e.g.,dollar) amount of transactions listed in the files, together with areference number for the file. In response to receiving the files, theOSP's system 305 may send back the counter to verify that the system 305has received all of the transaction activities' information listed inthe clearing files. Next, in step 1205, the clearing and settlementmodule 1200 stores the clearing files on the OSP's system 304. It shouldbe noted, however, that in particular embodiments, the settlement module1200 may generate the clearing files based on transaction activitiespreviously stored by the OSP's system 304 instead of receiving them fromthe website.

In step 1206, the OSP's system 305 transfers one or more of the clearingfiles to the appropriate acquiring bank. In turn, the acquiring bankreceives the files, splits the transactions by credit-card company name,and transmits the files to the appropriate credit card companies, whothen forward the transactions to the designated issuing banks. Theissuing banks processes settlement for the completed transactionactivities listed in clearing files and transfer settlement fileslisting the settled transaction activities to the respective credit cardcompanies, who divide and amalgamate the files by acquiring bank. Theacquiring bank sorts its settlement files by OSP and by website andtransfers them accordingly to the OSP, when an OSP is involved. The OSPmay make the clearing and settlement data available to the ASP's system305, shown as Step 1207 or the Acquiring bank may supply the filesdirect to the ASP. Hence reconciliation of the clearing and settlementfiles may either be undertaken by the acquiring bank, the OSP or theASP.

In certain embodiments, the ASP's system 305 takes the clearing andsettlement files received from the clearing and settlement module 1200and reconciles the information in the clearing files and the settlementfiles, shown as Step 1208. Further, the results of the reconciliationperformed in step 1208 may be summarized in a reconciliation report (or“advice note”) by the ASP according to various embodiments of theinvention. The ASP will then make adjustments to the settlement funds.These will include debiting chargebacks that are to be processed,debiting fees that are due, debiting for taxes, and making debit andcredit adjustments to a rolling reserve and/or a segregated users'deposits account. Finally, in step 1209, the ASP's system 305 organizesthe net settlement payments for each party and the amount fortransferring to the appropriate bank accounts for each party andtransfers the payments to the accounts. It should be noted that invarious embodiments, the ASP's system's 305 transfers of payments aremade electronically. That is, data representing the payments aretransferred to the appropriate parties, who then show the fundsdeposited electronically into the appropriate accounts based on at leasta portion of the received data.

As mentioned, in various embodiments, the ASP's system 305 summarizesthe results from reconciling the clearing and settlement files providedby the clearing and settlement module 1200 and any adjustments in a netsettlement reconciliation report. In Step 1210, this report is receivedby the settlement module 1200 from the ASP's system 305. In turn, theOSP may send the report to each website periodically (e.g., daily orweekly). Further, in Step 1211, the clearing and settlement module 1200may record information on the results displayed in the net settlementreconciliation report in one or more storage media accessible by theOSP. In various embodiments, the reconciliation report summarizes theamounts that the website can expect to receive in the website's bankaccount by a particular date. In addition, in various embodiments, thenet settlement reconciliation report shows the following deductions andadditions made from/to the operator's and/or website's funds: (1) lesscommission and charges (covering payments to all participants in thepayment chain); (2) less a “trust deduct” corresponding to a percentageof the total amount that is withheld for a certain time period (e.g., 6months or a year) in a rolling reverse account as security against,against the website's default, including fines, fees, chargebacks andrefunds. In this way the users are protected in the event of a disputewith the website and the parties to the credit card value chain areprovided with a timely resolution to a website defaulting; (3) plus the“trust money” that was withheld on a rolling reserve during the certaintime period and one day before the date of the advice note; (4) less anychargebacks communicated by the acquiring bank on the day of the advicenote relating to previous transactions; (5) less taxes due; (6) less newdeposits lodged by users and winnings received by users to be placedinto a segregated deposit account; (7) plus bets placed by users againstsuch deposits and plus user withdrawals from their website depositaccount.

According to various embodiments, before transferring funds to and fromthe appropriate parties' accounts, the OSP reviews the net settlementreconciliation report, including the dates on which payments areindicated to be paid and sends the ASP authorization to affect thetransfers to and from the appropriate bank accounts (shown as Step1212). The OSP may then forward the net settlement reconciliation reportto the appropriate website and the acquiring bank if required. Uponreceiving approval from the OSP for the net settlement reconciliationreport, the ASP's system 305 transfers (e.g., credits or debits) thefunds to and from the appropriate parties' bank accounts according tovarious embodiments. Further, in particular embodiments, the settlementmodule 1200 changes the status of the transactions indicated as settledin the report and that had previously been stored by the OSP's system304 to “settled.”

ASP Module

As mentioned above with regard to the clearing and settlement module1200, in various embodiments, the ASP coordinates reconciliation of thesettlement funds for the completed transaction activities for thevarious websites. In particular embodiments, this provides a safetymechanism because the ASP can act as a third-party between the variouswebsites and the OSP and can provide a guarantee that the funds receivedfrom the acquiring bank are distributed accordingly among the websitesand the OSP and other third parties such as tax jurisdictions. Thus, invarious embodiments, the ASP's system 305 may include a module 1300 forfacilitating this function.

Thus, in various embodiments, the ASP's system 305 may include one ormore computing devices with similar functionality as the OSP server 400.Accordingly, FIG. 13 illustrates a flow diagram of the ASP module 1300according to various embodiments. This flow diagram may correspond tothe steps carried out by a processor in such a computing device residingin the ASP's system 305 as it executes the module 1300 in the device'sRAM memory according to various embodiments.

In Step 1302, the ASP module 1300 receives one or more clearing filesfrom an OSP associated with a website. As mentioned above, the one ormore clearing files include information on completed transactionactivities conducted over a certain time period on the websites. Inparticular embodiments, the website may first send the files to the OSPand the OSP may then forward the files to the ASP. Further, in Step1303, the ASP module 1300 receives settlement files from the OSP or theacquiring bank. For instance, as explained above, the OSP's system 305(e.g., the ASP module 1300) transfers the one or more clearing files tothe appropriate acquiring bank. In response, the acquiring bank splitsand sends the files to the appropriate credit card companies, who passtransactions to the designated issuing banks and receives settlementfiles back from the issuing banks. The acquiring bank may pass thesettlement files to the ASP. Thus, in various embodiments, thesettlement funds are re-presented electronically via data in one or moresettlement files.

Thus, in Step 1304 according to various embodiments, the ASP module 1300electronically credits funds into one or more settlement accounts. Incertain embodiments, these settlement accounts are typically controlledby the ASP and may hold funds associated with settlements for a numberof websites. In particular embodiments, each settlement account may beassociated with a single website. “Control” in particular embodimentsmay be understood to mean that the ASP (and/or, in some instances, thewebsite) have authorization to deposit and/or withdraw funds from theaccount. Thus, in these particular embodiments, the only funds placed ineach settlement account are funds associated with settlements receivedfor the particular website.

In Step 1305, the ASP module 1300 takes the clearing files received fromthe website and the settlement files received from the OSP or theacquiring bank and reconciles the information from the two sources.Thus, in Step 1306, the ASP module 1300 determines whether the clearingfiles and the settlement files reconcile. For instance, in oneembodiment, the ASP module 1300 determines whether the amount for eachcompleted transaction activity listed in the clearing files matches anamount identified in the settlement files. If the clearing files and thesettlement files do not reconcile, the ASP module 1300 generates anerror report listing the transaction activities that could not bereconciled, shown as Step 1307. In particular embodiments, the ASP 1300may send the error report to the website, the OSP, and/or the acquiringbank. Thus, the various parties may use the error report to correct theproblems shown with respect to one or more of the transaction activitieslisted in the error report. The ASP module 1300 then continues with thesettlement process with respect to the transaction activities that wereable to be reconciled.

With respect to the completed transaction activities that do reconcile,the ASP module 1300 according to various embodiments makes adjustmentsfor fees, chargebacks, taxes, rolling reserve management and segregatedusers' deposits' management. The ASP then, in certain embodiments,generates a net settlement reconciliation report, shown as Step 1308,and sends the report to the OSP, shown as step 1309 and the acquiringbank, if required. As previously described, the OSP receives the reportand after reviewing the report, sends the ASP authorization to transferthe funds to and from the appropriate bank accounts. Therefore, in Step1310 according to these and still other embodiments, the ASP module 1300receives the authorization and moves forward with transferring the fundsto and from the appropriate bank accounts.

In Step 1311, the ASP module 1300 determines whether any taxes are owedon the completed transaction activities that were settled andreconciled. In particular embodiments, information on the taxes owed onthe transaction activities may be provided along with the clearingfiles. In other embodiments, the ASP module 1300 may determine whattaxes are owed on the transaction activities. For instance, inparticular embodiments, the ASP module 1300 identifies one or morerelevant tax jurisdictions associated with the financial transactions.For example, in one embodiment, the ASP module 1300 determines thelocations of the users involved in the transaction activities settledand reconciled and performs a look-up in one or more databases 307 todetermine the one or more relevant tax jurisdictions, which could bedetermined by residency or the user's location, or the website'slocation. In other embodiments, the ASP module 1300 may also considerother locations associated with the transactions such as the location ofthe locations where the websites are hosted.

Next, according to various embodiments, the ASP module 1300 queries theone or more databases 307 to determine one or more types of taxassociated with the identified tax jurisdictions. For instance, thetypes of tax may include sales tax, deposit tax, withholding tax, and/orwager tax due on the transaction activities. If one or more types of taxare associated with the identified tax jurisdictions, then the ASPmodule 1300 applies corresponding taxation rates for the types of tax tothe transaction activities to determine the tax owed on the transactionactivities and deducts the amount owed from the funds in the one or moresettlement accounts. For instance, the ASP module 1300 may receiveinformation from the website on one or more bets placed by a pluralityof users over a determined period of time, such as the period of timethe one or more transaction activities were conducted, and may calculatethe amount of wager tax to be paid by the website and adjust downwardsthe net settlement funds to enable the payment of the wagering tax on adue date. For instance the ASP may receive from the OSP or the websiteinformation on the one or more deposits and withdrawals made by theplurality of users over a determined period of time to calculate theamount of a deposit tax, based on net deposits by deducting withdrawals,that is due to be paid by the website. The ASP will deduct this amountfrom the net settlement funds and pay such amount to the appropriate taxjurisdictions based on the location of the users and each applicablejurisdiction's legislation governing deposit taxes. For instance ASP mayreceive from the OSP or website information on purchases made by aplurality of users over a determined period and refunds to such users.

The ASP module 1300 may then according to various embodiments alsocalculate the sales tax due as a percentage of the one or more purchasesbased on the applicable jurisdictions, determined by the user's locationas validated on log in. In certain embodiments, the module may furtherand/or alternatively pay the sales tax due in conjunction with reportingto at least one of the appropriate tax jurisdiction and the merchant,information on the one or more transaction activities, the sales taxdue, and the payment thereof.

If the ASP module 1300 determines taxes are owed on the transactionactivities, in Step 1312, the ASP module 1300 deducts funds from thesettlement accounts for the taxes owed. In Step 1313, the ASP module1300 electronically credits the deducted funds into one or more taxaccounts. In various embodiments, the taxes due are typically calculatedfor a predetermined time period (daily) and deducted from the settlementaccounts to be placed in the tax accounts.

Similar to the settlement accounts, in various embodiments, the ASPmodule 1300 may place all of the tax funds in one tax account regardlessof the taxing authority the taxes are owed to. While in otherembodiments, the ASP module 1300 may place the tax funds in particularaccounts based on the taxing authority the funds are owed to. Forinstance, in one embodiment, each taxing authority may have anindividual account in which the funds owed to the authority are placed.Typically, these tax accounts are controlled by the ASP. However, incertain instances, the individual taxing authorities may also haveauthority to withdraw funds directly from these accounts. Further, inparticular embodiments, the OSP may also have control of these accounts.

In similar fashion, in Step 1314, the ASP module 1300 determines whetherany fees are owed on the transaction activities. For instance, the OSPmay charge a fee for each transaction activity processed by the OSPand/or for each service provided in regard to a particular transactionactivity. Further, the ASP may charge a fee for each transactionactivity the ASP is requested to settle and reconcile. Thus, in Step1315, if the ASP module 1300 determines one or more fees are due for thetransaction activities that were settled and reconciled, the ASP module1300 deducts funds for the fees from the settlement funds. In Step 1316,the ASP module 1300 then electronically credits the fees into one ormore fee accounts. In particular embodiments, there may only be one feeaccount or more than one fee account. Further, the one or more feeaccounts may be controlled by various parties.

Further, in Step 1317, the ASP module 1300 determines whether any fundsare to be placed in one or more rolling reserve accounts. For instance,in particular embodiments, various participants may require a certainportion (e.g., percentage) of the settlement funds be used to fund oneor more rolling reserve accounts. For example, the ASP module 1300 mayallocate 7.5% of the funds associated with settled transactionactivities and to be received by each website to a rolling reserveaccount for each website. The funds in these rolling reserve accountsmay then be applied to meet any unfulfilled obligations of the websitessuch as unpaid penalties, fees, and/or legal obligations. For instance,the funds in the rolling reserve accounts may be used to fund a validchargeback request received in relation to a transaction activityconducted on one of the webpages when the website is unable or unwillingto fund directly the valid chargeback request. Thus, in Step 1318, theASP module 1300 deducts the funds from the settlement accounts andelectronically credits the funds into the one or more service accounts,shown as Step 1319.

In particular embodiments in which the service accounts are rollingreserves, the portion of the funds allocated to the accounts aretypically held in the accounts for a predetermined time period andforwarded to the appropriate website accounts if not used at the end ofthe predetermined time period. Thus, “old” funds are continuously“rolling” out of the accounts as the predetermined time period elapsesfor the funds and “new” funds are continuously “rolling” into theaccounts as transaction activities are settled and reconciled. Invarious embodiments, the portion of funds allocated to the rollingreserve accounts and/or predetermined time period may be adjusted basedon the amount of use of these funds to meet the websites' unfulfilledobligations.

Further, the one or more services accounts may reside as part of theASP's system 305 or may reside or be maintained by an independent bankor other financial institution. Thus, in particular embodiments, the ASPand/or independent bank or other financial institution control theaccounts and have clear title to the funds in the accounts in the eventof certain occurrences such as, for example, bankruptcy of the websitesand/or OSP. Such an arrangement provides protection for all members ofthe value chain. For instance, if the OSP were to go bankrupt, thewebsites are secure in knowing that their funds in the service accountsare not accessible to creditors of the OSP.

In various embodiments, the funds remaining in the settlement accounts(e.g., net settlement figures) are due to one or more websites. Inparticular embodiments, the ASP's system 305 (e.g., ASP module 1300) istypically configured to transfer the funds in the one or more settlementaccounts to one or more accounts associated with the websites after apredetermined period of time. However, in other embodiments, thewebsites may have authority to withdraw the funds directly from thesettlement accounts. Further in particular embodiments, the ASP's system305 (e.g., ASP module 1300) is typically configured to transfer thefunds in the one or more tax accounts to the appropriate taxingauthorities after a predetermined period of time (e.g., due date), aswell as transfer the funds in the one or more fee accounts to accountsfor the appropriate parties.

In particular embodiments, the ASP module 1300 reports the results ofthe reconciliation (e.g., reports the amounts placed in each account) ina reconciliation report (or “advice note”) to the one or more websites,and in some instances, to the users impacted by the process. Forexample, in one embodiment, the ASP module 1300 sends a net settlementreport to the OSP and the OSP sends the report to the correspondingwebsite In another example the ASP sends a reconciliation report to atax jurisdiction with payment of the taxes due by the website, and acopy of the same report to the website as confirmation that taxes duehave been paid.

In addition, in particular embodiments, the ASP will request informationfrom one or more websites on the plurality of users' gambling activity,including bets placed, winnings and losses, deposits, withdrawals andany withholding tax deductions. For example this information may besupplied daily by overnight batch for the previous 24 hours gamblingactivity. Such batch will configure the information by the unique useridentifier and the session identifier. The ASP module will collate on anaggregating basis for each user the key tax information the user willrequire for the annual tax assessment.

At the end of each calendar year an electronic report will be prepared,equivalent to a miscellaneous 1099 report and in compliance withregulations in place. Such reports may comprise data sufficient tosummate the withholding tax due over a predetermined period of time(e.g., the annual period). Still further, such reports will be passed tothe websites for them to make available to their users within thepermitted statutory window. Such reports may then be used to aid theuser in filing out his tax returns The Form 1099 may include the user'sdeposits, withdraws, gross winnings, gross losses, gross wagers, netwinnings, net losses, and net wagers, and the tax withheld over the pastyear. Thus, each user may access his Form 1099 through the website andmay use the Form 1099 for preparation of the user's income tax return.In particular embodiments, the ASP, OSP, or website may alsoelectronically submit tax reports to the proper tax authorities and/orjurisdictions for the users.

General Considerations

As described elsewhere herein, various embodiments provide aregistration process in which a user may register to engage in one ormore transaction activities across multiple operators and/or websites.Such capabilities may provide better efficiencies and may reduce neededcomputing capacities in these various embodiments because eachindividual operator and/or website may not be required to conductvarious aspects of the registration process for a particular user or theregistration process at all to determine whether the user may engage intransaction activities with each individual operator and/or website.

For example, during a previous registration process for a particularuser based on various aspects of the current invention, the user's agemay have been verified. Therefore, in a current registration process forthe same user, the process may use the result obtained in the previousregistration (e.g., the verified age) and may not need to execute thestep in the current registration process to verify the user's age. Thus,the registration process involved in various embodiments of the currentinvention will not need to “waste” the time, resources, and computingcapacity to re-verify the user's age.

In addition, various embodiments provide a validation process forvalidating the types of transaction activities a user may engage in oneor more websites. In certain embodiments, certain checks are performedduring the validation process for a user to identify types oftransaction activities the user may or may not engage in on a particularwebsite. In particular embodiments, a number of these checks may bebypassed in a current validation process because the checks werepreviously performed during the registration process for the user orduring a previous validation process for the user. Thus, variousembodiments of the current invention facilitate the use of the resultsof past checks performed for a current validation process. Suchcapability may streamline the validation process and may result in theuse of less processing capacity and storage media.

Further, various embodiments of the current invention may providearchived information gathered on a user to one or more websites. Thiscan result in more efficient processing with respect to systemspracticing various aspects of the current invention and the one or morewebsites because the systems and the websites may not need to re-gatherinformation for the user in connection to the user engaging intransaction activities on the one or more websites.

In addition, because the systems practicing various aspects of variousembodiments of the current invention are configured to provide servicesto multiple operators and/or websites, in many instances such operatorsand/or websites may not need to have the infrastructure to carry outcertain functions that they may otherwise need to perform in order toconduct transaction activities with users. For instance, as discussedelsewhere in this disclosure, in various embodiments, multiple operatorsand/or websites may follow the practice of seeking authorization fordebiting credit cards through systems practicing various aspects of thecurrent invention. By following such a practice, better efficiency maybe realized in various embodiments because each operator and/or websitedoes not need to have the system infrastructure to communicate andinteract directly with the parties involved with seeking authorizationfor debiting credit cards of users. For example, each operator and/orwebsite does not need to have the infrastructure to communicate with thevarious card issuer networks associated with credit card issuing banks.These and further technical advantages, efficiencies, and improvedcapabilities are realized and discussed throughout the disclosure ofthis application.

CONCLUSION

The foregoing description of the various embodiments of the presentinvention has been presented for purposes of illustration anddescription. It is not intended to be exhaustive or to limit theinvention to the precise form disclosed. Many modifications and otherembodiments of the inventions set forth herein will come to mind to oneof ordinary skill in the art to which these inventions pertain havingthe benefit of the teachings presented in the foregoing descriptions andthe associated drawings. With this in mind, the embodiments were chosenand described to provide the best illustration of the principles of theinvention and its practical application to thereby enable one ofordinary skill in the art to utilize the invention in variousembodiments and with various modifications as may be suited to aparticular contemplated use. All such modifications and variations arewithin the scope of the invention as determined by the appended claimswhen interpreted in accordance with the breadth to which they arefairly, legally and equitably entitled. The drawings and preferredembodiments do not and are not intended to limit the ordinary meaning ofthe claims in their fair and broad interpretation in any way. Lastly,although specific terms are employed herein, they are used in a genericand descriptive sense only and not for purposes of limitation.

1. A system for registering a user with at least two websites, thesystem comprising: a memory; and at least one processor configured to:(a) receive a first set of attributes from a first website for the user,the first set of attributes comprising one or more attributes associatedwith the user; (b) after receiving the first set of attributes: (1)allocate a unique user identifier that is associated with the user; (2)associate the unique user identifier and the first set of attributes;and (3) store the unique user identifier and the first set of attributesin the memory; (c) receive a second set of attributes from a secondwebsite for the user, the second set of attributes comprising one ormore attributes associated with the user; and (d) after receiving thesecond set of attributes: (1) compare one or more attributes of thefirst set of attributes with one or more attributes of the second set ofattributes; and (2) in response to at least one attribute of the firstset of attributes matching at least one attribute of the second set ofattributes, associate the unique user identifier and the second set ofattributes, wherein after associating the unique user identifier withthe second set of attributes, at least one attribute of the first set ofattributes is provided to the second website.
 2. The system of claim 1,wherein the first website is independent from the second website.
 3. Thesystem of claim 1, wherein matching the at least one attribute of thefirst set of attributes with the at least one attribute of the secondset of attributes involves determining whether the at least oneattribute of the first set of attributes matches the at least oneattribute of the second set of attributes based on a confidence level.4. The system of claim 1, wherein the at least one processor is furtherconfigured to: obtain a verification of the user's identity based on atleast one attribute of the first set of attributes; and store theverification in the memory, wherein the verification is provided to thefirst website after receiving a request from the first website to verifythe user's identity.
 5. The system of claim 1, wherein the at least oneprocessor is further configured to: obtain a verification of age for theuser based on at least one attribute of the first set of attributes; andstore the age verification in the memory, wherein the age verificationidentifier is provided to the second website after receiving a requestfrom the second website to verify the age of the user.
 6. A system ofclaim 1, wherein the at least one processor is further configured to:(a) receive information from the first website, the informationidentifying the user and indicating the user is engaging in aninteractive session with the first website; and (b) after receiving theinformation: (1) validate a plurality of transaction activities the usercan engage in during the interactive session with the first website; (2)issue a session identifier that is associated with the plurality ofvalidated transaction activities, the unique user identifier, the firstwebsite, and the interactive session with the first website; (3) storethe session identifier along with the unique user identifier andinformation identifying the first website in the memory; and (4) sendthe session identifier and a listing of the plurality of validatedtransaction activities to the first website.
 7. The system of claim 6,wherein: the session identifier comprises a certificate that operates asproof the user was validated for conducting a purchase transactionactivity; and the processor is further configured to send thecertificate to the first website for incorporation within purchasetransaction data for the purchase transaction activity.
 8. The system ofclaim 1, wherein the at least one processor is further configured to:(a) receive information from the first website, the informationidentifying the user and indicating the user is engaging in aninteractive session with the first website; (b) after receiving theinformation: (1) validate a plurality of transaction activities the usercan engage in during the interactive session with the first website; (2)issue a session identifier that is associated with the plurality ofvalidated transaction activities, the unique user identifier, the firstwebsite, and the interactive session with the first website; and (3)store the session identifier along with the unique user identifier andinformation identifying the first website in the memory; (c) receiveinformation indicating the user wants to perform a first transactionactivity while engaged in the interactive session with the firstwebsite; and (d) after receiving the information indicating the userwants to perform the first activity: (1) determine a first resultindicating whether the first activity is included in the plurality ofvalidated activities associated with the session identifier; and (2)after determining the first result: (a) inform the first website of thefirst result; and (b) associate information indicating the firsttransaction activity with the session identifier, wherein the at leastone processor is configured to: (a) receive information indicating theuser wants to perform one or more subsequent transaction activitieswhile engaged in the interactive session with the first website, and (b)after receiving the information indicating the user wants to perform theone or more subsequent transaction activities, determine a subsequentresult for each one of the one or more subsequent transaction activitiesindicating whether the subsequent transaction activity is included inthe plurality of validated transaction activities associated with thesession identifier, and (c) after determining the subsequent result, (1)inform the first website of the subsequent result, and (2) storeinformation indicating the subsequent transaction activity with thesession identifier, as long as the user remains engaged in theinteractive session with the first website.
 9. The system of claim 1,wherein the first set of attributes uniquely identifies the user. 10.The system of claim 1, wherein the at least one attribute of the firstset of attributes is provided to the second website after the at leastone processor receives the unique user identifier from the secondwebsite.
 11. The system of claim 1, wherein after receiving the firstset of attributes, the at least one processor is further configured to:determine whether the user is listed in one or more exclusion databasesbased on one or more of the attributes in the first set of attributes;and in response to the user being listed in the one or more exclusiondatabases, inform the first website the user is not permitted toregister with the first website.
 12. The system of claim 1, wherein: (a)the first set of attributes received from the first website comprisesself-exclusion attributes indicating the user has excluded himself fromengaging in transaction activities on the first website; (b) the atleast one processor is configured to receive a request from the secondwebsite to verify whether the user is able to engage in transactionactivities on the second website, the request comprising informationidentifying the user; and (c) after receiving the request, the at leastone processor is configured to: (2) query the memory based on the uniqueuser identifier; and (3) in response to retrieving at least a portion ofthe self-exclusion attributes indicating the user is excluded fromengaging in transaction activities on the first website, send the secondwebsite an indication that the user is excluded from engaging intransaction activities on the second website.
 13. A method forregistering a user with at least two websites, the method comprising thesteps of: (a) receiving a first set of attributes over a network from afirst website for the user, the first set of attributes comprising oneor more attributes associated with the user; (b) after receiving thefirst set of attributes: (1) allocating a unique user identifier that isassociated with the user by at least one computing device comprising atleast one processor; (2) associating the unique user identifier and thefirst set of attributes; and (3) storing the unique user identifier andthe first set of attributes in a memory of the at least one computingdevice; (c) receiving a second set of attributes over the network from asecond website for the user, the second set of attributes comprising oneor more attributes associated with the user; and (d) after receiving thesecond set of attributes: (1) comparing one or more attributes of thefirst set of attributes with one or more attributes of the second set ofattributes by the at least one processor; and (2) in response to atleast one attribute of the first set of attributes matching at least oneattribute of the second set of attributes, associating the unique useridentifier and the second set of attributes in the memory, wherein afterassociating the unique user identifier with the second set ofattributes, at least one attribute of the first set of attributes isprovided to the second website over the network.
 14. The method of claim13, wherein the first website is independent from the second website.15. The method of claim 13, wherein matching the at least one attributeof the first set of attributes with the at least one attribute of thesecond set of attributes involves determining whether the at least oneattribute of the first set of attributes matches the at least oneattribute of the second set of attributes based on a confidence level.16. The method of claim 13, further comprising the steps of: obtaining,by the at least one processor, a verification of the user's identitybased on at least one attribute of the first set of attributes; andstoring the verification in the memory, wherein the verification isprovided to the first website after receiving a request from the firstwebsite over the network to verify the user's identity.
 17. The methodof claim 13, further comprising the steps of: obtaining, by the at leastone processor, a verification of age for the user based on at least oneattribute of the first set of attributes; and storing the ageverification in the memory, wherein the age verification is provided tothe second website after receiving a request over the network from thesecond website to verify the age of the user.
 18. The method of claim13, further comprising the steps of: receiving information over thenetwork from the first website, the information identifying the user andindicating the user is engaging in an interactive session with the firstwebsite; and after receiving the information: validating, by the atleast one processor, a plurality of transaction activities the user canengage in during the interactive session with the first website;issuing, by the at least one processor, a session identifier that isassociated with the plurality of validated transaction activities, theunique user identifier, the first website, and the interactive sessionwith the first website; storing the session identifier along with theunique user identifier and information identifying the first website inthe memory; and sending the session identifier and a listing of theplurality of validated transaction activities to the first website. 19.The method of claim 18, wherein: the session identifier comprises acertificate that operates as proof the user was validated for conductinga purchase transaction activity; and the method further comprises thestep of sending the certificate to the first website for incorporationwithin purchase transaction data for the purchase transaction activity.20. The method of claim 13, further comprising the steps of: receivinginformation over the network from the first website, the informationidentifying the user and indicating the user is engaging in aninteractive session with the first website; after receiving theinformation: validating, by the at least one processor, a plurality oftransaction activities the user can engage in during the interactivesession with the first website; issuing, by the at least one processor,a session identifier that is associated with the plurality of validatedtransaction activities, the unique user identifier, the first website,and the interactive session with the first website; and storing thesession identifier along with the unique user identifier and informationidentifying the first website in the memory; receiving information overthe network indicating the user wants to perform a first transactionactivity while engaged in the interactive session with the firstwebsite; and after receiving the information indicating the user wantsto perform the first activity: determining, by the at least oneprocessor, a first result indicating whether the first transactionactivity is included in the plurality of validated transactionactivities associated with the session identifier; and after determiningthe first result: informing the first website of the first result; andassociating information indicating the first transaction activity withthe session identifier, wherein the method further comprises the stepsof: (a) receiving information over the network indicating the user wantsto perform one or more subsequent transaction activities while engagedin the interactive session with the first website, and (b) afterreceiving the information indicating the user wants to perform the oneor more subsequent transaction activities, determining, by the at leastone processor, a subsequent result for each one of the one or moresubsequent transaction activities indicating whether the subsequenttransaction activity is included in the plurality of validatedtransaction activities associated with the session identifier, and (c)after determining the subsequent result, (1) informing the first websiteof the subsequent result, and (2) storing information indicating thesubsequent transaction activity with the session identifier, as long asthe user remains engaged in the interactive session with the firstwebsite.
 21. The method of claim 13, wherein the first set of attributesuniquely identifies the user.
 22. The method of claim 13, wherein the atleast one attribute of the first set of attributes is provided to thesecond website after receiving the unique user identifier over thenetwork from the second website.
 23. The method of claim 13, furthercomprising the steps of: after receiving the first set of attributes,determining, by the at least one processor, whether the user is listedin one or more exclusion databases based on one or more of theattributes in the first set of attributes; and in response to the userbeing listed in the one or more exclusion databases, informing the firstwebsite the user is not permitted to register with the first website.24. The method of claim 13, wherein the first set of attributes receivedfrom the first website comprises self-exclusion attributes indicatingthe user has excluded himself from engaging in transaction activities onthe first website, and the method comprises the steps of: receiving arequest from the second website over the network to verify whether theuser is able to engage in transaction activities on the second website,the request comprising information identifying the user; and afterreceiving the request, querying, by the at least on processor, thememory based on the unique user identifier; and after retrieving atleast a portion of the self-exclusion attributes indicating the user isexcluded from engaging in transaction activities on the first website,sending, by the at least one processor, the second website an indicationthat the user is excluded from engaging in transaction activities on thesecond website.
 25. A system for registering a user with at least twowebsites, the system comprising: a memory; and at least one processorconfigured to: (a) receive user registration information from the user;(b) after receiving the user registration information: (1) allocate aunique user identifier that is associated with the user; (2) associatethe unique user identifier and the user registration information; (3)store the unique user identifier and the user registration informationin the memory; and (4) provide the unique user identifier to the user;(c) receive first registration information from a first website; (d)after receiving the first registration information, register the firstwebsite for a validation service; (e) receive second registrationinformation from a second website; (f) after receiving the secondregistration information, register the second website for the validationservice; (g) receive the unique user identifier from the first website;(h) after receiving the unique user identifier from the first website:(1) apply the validation service to obtain a first validation resultindicating what transaction activities the user can conduct on the firstwebsite; and (2) communicate the first validation result to the firstwebsite; (i) receive the unique user identifier from the second website;and (j) after receiving the unique user identifier from the secondwebsite: (1) apply the validation service to obtain a second validationresult indicating what transaction activities the user can conduct onthe second website; and (2) communicate the second validation result tothe first website.
 26. The system of claim 25, wherein the first websiteis independent from the second website.
 27. The system of claim 25,wherein the at least one processor is further configured to issue andcommunicate a certificate along with the first validation result to thefirst website for inclusion in purchase transaction data for a purchasetransaction activity associated with the plurality of validatedtransaction activities, wherein the certificate operates as proof theuser was validated for conducting the purchase transaction activity. 28.The system of claim 27, wherein the certificate comprises an indicationthat the user satisfied an age requirement for conducting the purchasetransaction activity.
 29. A method for registering a user with at leasttwo websites, the method comprising the steps of: (a) receiving userregistration information from the user; (b) after receiving the userregistration information: (1) allocating a unique user identifier thatis associated with the user by at least one computing device comprisingat least one processor; (2) associating the unique user identifier andthe user registration information; (3) storing the unique useridentifier and the user registration information in a memory of the atleast one computing device; and (4) providing the unique user identifierto the user; (c) receiving first registration information from a firstwebsite; (d) after receiving the first registration information,registering the first website for a validation service by the at leastone processor; (e) receiving second registration information from asecond website; (f) after receiving the second registration information,registering the second website for the validation service by the atleast one processor; (g) receiving the unique user identifier from thefirst website; (h) after receiving the unique user identifier from thefirst website: (1) applying the validation service, by the at least oneprocessor, to obtain a first validation result indicating whattransaction activities the user can conduct on the first website; and(2) communicating the first validation result to the first website; (i)receiving the unique user identifier from the second website; and (j)after receiving the unique user identifier from the second website: (1)applying the validation service, by the at least one processor, toobtain a second validation result indicating what transaction activitiesthe user can conduct on the second website; and (2) communicating thesecond validation result to the first website.
 30. The method of claim29, wherein the first website is independent from the second website.31. The method of claim 29, further comprising the step of issuing andcommunicating a certificate along with the first validation result tothe first website for incorporation within purchase transaction data fora purchase transaction activity associated with the plurality ofvalidated transaction activities, wherein the certificate operates asproof the user was validated for conducting the purchase transactionactivity.
 32. The system of claim 31, wherein the certificate comprisesan indication that the user satisfied an age requirement for conductingthe purchase transaction activity.